A race condition in Ivanti Application Control Engine before version 10.14.4.0 allows a local authenticated attacker to bypass the application blocking functionality.
If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Application_control | Ivanti | * | 2023.3 (excluding) |
Application_control | Ivanti | 2023.3 (including) | 2023.3 (including) |
Application_control | Ivanti | 2023.3-hf1 (including) | 2023.3-hf1 (including) |
Application_control | Ivanti | 2023.3-hf2 (including) | 2023.3-hf2 (including) |
Application_control | Ivanti | 2024.1 (including) | 2024.1 (including) |
Application_control | Ivanti | 2024.1-hf1 (including) | 2024.1-hf1 (including) |
Application_control | Ivanti | 2024.3 (including) | 2024.3 (including) |
Security_controls | Ivanti | * | 2024.4.1 (including) |