CVE-2023-39339 — Path Traversal in Ivanti Policy Secure

CWE-22 — Path Traversal3 documents3 sources

Severity

4.9MEDIUMNVD

EPSS

1.1%

top 22.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ivanti Policy Secure

Timeline

PublishedJul 12

Description

A vulnerability exists on all versions of Ivanti Policy Secure below 22.6R1 where an authenticated administrator can perform an arbitrary file read via a maliciously crafted web request.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5ivanti/policy_secure22.6R1 — 22.6R1

▶NVDivanti/policy_secure< 22.6+1

🔴Vulnerability Details

CVEList

CVE-2023-39339: A vulnerability exists on all versions of Ivanti Policy Secure below 22↗2025-07-12

▶

GHSA

GHSA-whgg-c8ff-264h: A vulnerability exists on all versions of Ivanti Policy Secure below 22↗2025-07-12

▶