CVE Vulnerabilities

CVE-2024-10630

Race Condition within a Thread

Published: Jan 14, 2025 | Modified: Jul 11, 2025
CVSS 3.x
7
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

A race condition in Ivanti Application Control Engine before version 10.14.4.0 allows a local authenticated attacker to bypass the application blocking functionality.

Weakness

If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined.

Affected Software

Name Vendor Start Version End Version
Application_control Ivanti * 2023.3 (excluding)
Application_control Ivanti 2023.3 (including) 2023.3 (including)
Application_control Ivanti 2023.3-hf1 (including) 2023.3-hf1 (including)
Application_control Ivanti 2023.3-hf2 (including) 2023.3-hf2 (including)
Application_control Ivanti 2024.1 (including) 2024.1 (including)
Application_control Ivanti 2024.1-hf1 (including) 2024.1-hf1 (including)
Application_control Ivanti 2024.3 (including) 2024.3 (including)
Security_controls Ivanti * 2024.4.1 (including)

Potential Mitigations

References