CVE-2024-10630

HIGH
Published Jan 14, 2025 Modified Jul 11, 2025 CWE-366

Description

A race condition in Ivanti Application Control Engine before version 10.14.4.0 allows a local authenticated attacker to bypass the application blocking functionality.

CVSS v3.1 Score

7.8
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

CWE-366 CWE-366

Affected Products

Vendor Product
ivanti application_control
ivanti application_control
ivanti application_control
ivanti application_control
ivanti application_control
ivanti application_control
ivanti application_control
ivanti application_control
ivanti security_controls

References

Frequently Asked Questions

What is CVE-2024-10630? +
A race condition in Ivanti Application Control Engine before version 10.14.4.0 allows a local authenticated attacker to bypass the application blocking functionality. It has a CVSS v3.1 base score of 7.8 (HIGH).
How severe is CVE-2024-10630? +
CVE-2024-10630 has a CVSS v3.1 score of 7.8 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.
What products are affected by CVE-2024-10630? +
CVE-2024-10630 affects products from ivanti, specifically: application_control, security_controls. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2024-10630? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-31115

XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder …
CVE-2025-58143 9.8

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are multiple …
CVE-2024-6778 7.5

Race in DevTools in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user to install a malicious …
CVE-2024-2032 3.1

A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple …
CVE-2024-11639 10.0

An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain …
CVE-2025-22467 9.9

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code …

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2024-10630 — free, no signup required.

Start Free Scan