Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-10630

A race condition in Ivanti Application Control Engine before version 10.14.4.0 allows a local authenticated attacker to bypass the application blocking functionality.

Published

2025-01-14T17:15:13.857

Last Modified

2025-07-11T17:38:45.570

Status

Analyzed

Source

3c1d8aa1-5a33-4ea4-8992-aadd6440af75

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Primary
CWE-366

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ivanti	application_control	< 2023.3	Yes
Application	ivanti	application_control	< 2023.3	Yes
Application	ivanti	application_control	2023.3	Yes
Application	ivanti	application_control	2023.3	Yes
Application	ivanti	application_control	2023.3	Yes
Application	ivanti	application_control	2024.1	Yes
Application	ivanti	application_control	2024.1	Yes
Application	ivanti	application_control	2024.3	Yes
Application	ivanti	security_controls	≤ 2024.4.1	Yes

References

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Application-Control-Engine-CVE-2024-10630 Vendor Advisory, Mitigation (3c1d8aa1-5a33-4ea4-8992-aadd6440af75)