VDB

GCVE-110-NCSC-2024-442

GCVE-110-NCSC-2024-442
Advisory PublishedCVSS 7.5/10
Vulnetix · Advisory published November 13, 2024
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Weaknesses (CWE)

CWE-476NULL Pointer DereferenceCWE-416Use After FreeCWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')CWE-125Out-of-bounds ReadCWE-787Out-of-bounds WriteCWE-276Incorrect Default PermissionsCWE-121Stack-based Buffer OverflowCWE-426Untrusted Search Path

Risk Scores

CVSS 3.1
7.5/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersionsPlatforms
ivanticonnect_secure
ivantipolicy_secure

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

72,580 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›