Ivanti Connect Secure 9.0 R3.5
Approved changes feed: RSS · Atom
cpe:2.3:a:ivanti:connect_secure:9.0:r3.5:*:*:*:*:*:*
part: a version: 9.0 update: r3.5
| Vendor | Ivanti (40b984ad-e54c-5e1b-9aa1-2a4cd4d61129) |
|---|---|
| Product | Connect Secure (61f5b622-21c4-5d14-b120-bd5f32132cfb) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-21893 |
vulnerable | 2026-06-03 14:54:51.174565 |
Details available
HIGH (8.2)
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.
Published: 2024-01-31T17:51:35.095Z
Updated: 2025-10-21T23:05:25.541Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-21888 |
vulnerable | 2026-06-03 14:54:51.141940 |
Details available
HIGH (8.8)
A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator.
Published: 2024-01-31T17:51:34.941Z
Updated: 2025-12-16T18:13:18.517Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-22908 |
vulnerable | 2026-06-03 14:43:54.250825 |
Details available
A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user. As of version 9.1R3, this permission is not enabled by default.
Published: 2021-05-27T11:14:24.000Z
Updated: 2024-08-03T18:58:25.474Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-22900 |
vulnerable | 2026-06-03 14:43:54.230513 |
Details available
A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.
Published: 2021-05-27T11:15:27.000Z
Updated: 2025-10-21T23:25:44.296Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-22899 |
vulnerable | 2026-06-03 14:43:54.219143 |
Details available
A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature
Published: 2021-05-27T11:15:22.000Z
Updated: 2025-10-21T23:25:44.693Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-22894 |
vulnerable | 2026-06-03 14:43:54.201250 |
Details available
A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room.
Published: 2021-05-27T11:15:11.000Z
Updated: 2025-10-21T23:25:44.830Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-22893 |
vulnerable | 2026-06-03 14:43:54.183406 |
Details available
Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.
Published: 2021-04-23T16:29:43.000Z
Updated: 2025-10-21T23:25:48.614Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.