Vulnerability Details CVE-2024-37403
Ivanti Docs@Work for Android, before 2.26.0 is affected by the 'Dirty Stream' vulnerability. The application fails to properly sanitize file names, resulting in a path traversal-affiliated vulnerability. This potentially enables other malicious apps on the device to read sensitive information stored in the app root.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.0%
CVSS Severity
CVSS v3 Score 5.0
Products affected by CVE-2024-37403
-
cpe:2.3:a:ivanti:docs@work:-
-
cpe:2.3:a:ivanti:docs@work:2.17.0
-
cpe:2.3:a:ivanti:docs@work:2.18.0
-
cpe:2.3:a:ivanti:docs@work:2.19.0
-
cpe:2.3:a:ivanti:docs@work:2.20.0
-
cpe:2.3:a:ivanti:docs@work:2.21.0
-
cpe:2.3:a:ivanti:docs@work:2.22.0
-
cpe:2.3:a:ivanti:docs@work:2.23.0
-
cpe:2.3:a:ivanti:docs@work:2.24.0
-
cpe:2.3:a:ivanti:docs@work:2.25.0