Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-37403

Ivanti Docs@Work for Android, before 2.26.0 is affected by the 'Dirty Stream' vulnerability. The application fails to properly sanitize file names, resulting in a path traversal-affiliated vulnerability. This potentially enables other malicious apps on the device to read sensitive information stored in the app root.

Published

2024-08-07T04:17:18.653

Last Modified

2025-03-25T17:15:57.523

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses

Type: Primary
CWE-22
Type: Secondary
CWE-24

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ivanti	docs\@work	< 2.26.0	Yes

References

https://forums.ivanti.com/s/article/Security-Advisory-CVE-2024-37403-Dirty-Stream-for-Ivanti-Docs-Work-for-Android Vendor Advisory ([email protected])