CVE-2018-6316

EUVD-2018-18077
Ivanti Endpoint Security (formerly HEAT Endpoint Management and Security Suite) 8.5 Update 1 and earlier allows an authenticated user with low privileges and access to the local network to bypass application whitelisting when using the Application Control module on Ivanti Endpoint Security in lockdown mode.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
HIGH
LOW
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
Affected Products (NVD)
VendorProductVersion
ivantiendpoint_security
𝑥
≤ 8.5
ivantiendpoint_security
8.5:update_1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://community.ivanti.com/docs/DOC-65656
https://community.ivanti.com/docs/DOC-65656