CVE-2024-1603
Published 2024-03-23
CVE-2024-1603: paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file.
Priority P3 · 44 · high · 7.5 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.56%
42.6th percentile
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| paddlepaddle | paddlepaddle | — | — |
| paddlepaddle | paddlepaddle | 0 – 2.6.0 | — |
| paddlepaddle | paddlepaddle_paddle | unspecified – latest | — |
CVSS provenance
nvd · v3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd · v3.0 · 8.2 HIGH · CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
cisa · 7.5 HIGH
GHSA
PaddlePaddle allows arbitrary file read via paddle.vision.ops.read_file
ghsa·2024-03-23
CVE-2024-1603 [HIGH] CWE-73 PaddlePaddle allows arbitrary file read via paddle.vision.ops.read_file
paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file.
OSV
PaddlePaddle allows arbitrary file read via paddle.vision.ops.read_file
osv·2024-03-23
CVE-2024-1603 [HIGH] PaddlePaddle allows arbitrary file read via paddle.vision.ops.read_file
paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file.
CISA
Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability
cisa·2026-03-09·CVSS 7.5
CVE-2026-1603 [HIGH] CWE-288 Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability
Vulnerability: Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability
Affected: Ivanti Endpoint Manager (EPM)
Ivanti Endpoint Manager (EPM) contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthenticated attacker to leak specific stored credential data.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2026-1603
Remediation Due Date: 2026-03-23
No detection rules found.
Nuclei
Ivanti Endpoint Manager - Authentication Bypass
nuclei·CVSS 7.5
CVE-2026-1603 [HIGH] Ivanti Endpoint Manager - Authentication Bypass
Ivanti Endpoint Manager < 2024 SU5 contains an authentication bypass caused by improper access control, letting remote unauthenticated attackers leak stored credential data, exploit requires no special privileges.
Template:
```yaml
id: CVE-2026-1603

info:
  name: Ivanti Endpoint Manager - Authentication Bypass
  author: DhiyaneshDk,watchtowrlabs
  severity: high
  description: |
    Ivanti Endpoint Manager < 2024 SU5 contains an authentication bypass caused by improper access control, letting remote unauthenticated attackers leak stored credential data, exploit requires no special privileges.
  impact: |
    Remote attackers can leak stored credential data, potentially compromising sensitive information.
  remediation: |
    Update to version 2024 SU5 or later.
  referenc
```
No writeups or analysis indexed.
Published: 2024-03-23