GCVE - cpe:2.3:a:ivanti:connect_secure:9.0:r1:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:ivanti:connect_secure:9.0:r1:*:*:*:*:*:*

part: a version: 9.0 update: r1

Vendor	Ivanti (`40b984ad-e54c-5e1b-9aa1-2a4cd4d61129`)
Product	Connect Secure (`61f5b622-21c4-5d14-b120-bd5f32132cfb`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-21893`	vulnerable	2026-06-03 14:54:51.174325	Details available HIGH (8.2) A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication. Published: 2024-01-31T17:51:35.095Z Updated: 2025-10-21T23:05:25.541Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-21888`	vulnerable	2026-06-03 14:54:51.138233	Details available HIGH (8.8) A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator. Published: 2024-01-31T17:51:34.941Z Updated: 2025-12-16T18:13:18.517Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-22908`	vulnerable	2026-06-03 14:43:54.250654	Details available A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user. As of version 9.1R3, this permission is not enabled by default. Published: 2021-05-27T11:14:24.000Z Updated: 2024-08-03T18:58:25.474Z Open on db.gcve.eu Reference links https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44800/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-22900`	vulnerable	2026-06-03 14:43:54.230332	Details available A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface. Published: 2021-05-27T11:15:27.000Z Updated: 2025-10-21T23:25:44.296Z Open on db.gcve.eu Reference links https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/?kA23Z000000boUWSAY	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-22899`	vulnerable	2026-06-03 14:43:54.218834	Details available A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature Published: 2021-05-27T11:15:22.000Z Updated: 2025-10-21T23:25:44.693Z Open on db.gcve.eu Reference links https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/?kA23Z000000boUWSAY	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-22894`	vulnerable	2026-06-03 14:43:54.198332	Details available A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room. Published: 2021-05-27T11:15:11.000Z Updated: 2025-10-21T23:25:44.830Z Open on db.gcve.eu Reference links https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/?kA23Z000000boUWSAY	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-22893`	vulnerable	2026-06-03 14:43:54.179795	Details available Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild. Published: 2021-04-23T16:29:43.000Z Updated: 2025-10-21T23:25:48.614Z Open on db.gcve.eu Reference links https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/ https://blog.pulsesecure.net/pulse-connect-secure-security-update/ https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html https://kb.cert.org/vuls/id/213092	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-11539`	vulnerable	2026-06-03 14:39:33.360252	Details available HIGH (8) In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands. Published: 2019-04-26T01:39:36.000Z Updated: 2025-10-21T23:45:38.985Z Open on db.gcve.eu Reference links https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101 http://www.securityfocus.com/bid/108073 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010 https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf http://packetstormsecurity.com/files/154376/Pulse-Secure-8.1R15.1-8.2-8.3-9.0-SSL-VPN-Remote-Code-Execution.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-11538`	vulnerable	2026-06-03 14:39:33.301798	Details available HIGH (7.7) In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1, an NFS problem could allow an authenticated attacker to access the contents of arbitrary files on the affected device. Published: 2019-04-26T01:39:22.000Z Updated: 2024-11-15T15:26:56.601Z Open on db.gcve.eu Reference links https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101 http://www.securityfocus.com/bid/108073 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010 https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-11510`	vulnerable	2026-06-03 14:39:33.205571	Details available CRITICAL (9.9) In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability . Published: 2019-05-08T16:18:28.000Z Updated: 2025-10-21T23:45:37.755Z Open on db.gcve.eu Reference links https://kb.pulsesecure.net/?atype=sa https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/ http://www.securityfocus.com/bid/108073 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010 http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-11509`	vulnerable	2026-06-03 14:39:33.179767	Details available In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated attacker (via the admin web interface) can exploit Incorrect Access Control to execute arbitrary code on the appliance. Published: 2019-06-03T19:34:46.000Z Updated: 2024-08-04T22:55:40.698Z Open on db.gcve.eu Reference links https://kb.pulsesecure.net/?atype=sa https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/ https://www.kb.cert.org/vuls/id/927237	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-11508`	vulnerable	2026-06-03 14:39:33.173848	Details available HIGH (8.6) In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker (via the admin web interface) can exploit Directory Traversal to execute arbitrary code on the appliance. Published: 2019-05-08T16:49:51.000Z Updated: 2024-08-04T22:55:40.588Z Open on db.gcve.eu Reference links https://kb.pulsesecure.net/?atype=sa https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/ http://www.securityfocus.com/bid/108073 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010 https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-11507`	vulnerable	2026-06-03 14:39:33.122772	Details available MEDIUM (5.8) In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3, an XSS issue has been found on the Application Launcher page. Published: 2019-05-08T16:52:15.000Z Updated: 2024-08-04T22:55:40.456Z Open on db.gcve.eu Reference links https://kb.pulsesecure.net/?atype=sa https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/ http://www.securityfocus.com/bid/108073 https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.