PT-2024-27524 · Ivanti · Ivanti Docs@Work

Published

2024-08-07

Updated

2024-08-30

CVE-2024-37403

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Ivanti Docs@Work for Android versions prior to 2.26.0

Description The issue arises from the application's failure to properly sanitize file names, leading to a path traversal-affiliated vulnerability. This could potentially allow other malicious apps on the device to read sensitive information stored in the app root.

Recommendations For versions prior to 2.26.0, update to version 2.26.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information stored in the app root until the update is applied.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22CWE-24

Related Identifiers

CVE-2024-37403

Affected Products

Ivanti Docs@Work

PT-2024-27524 · Ivanti · Ivanti Docs@Work

CVE-2024-37403

Weakness Enumeration

Related Identifiers

Affected Products

References · 5