GCVE - cpe:2.3:a:ivanti:connect_secure:9.1:r12.2:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:ivanti:connect_secure:9.1:r12.2:*:*:*:*:*:*

part: a version: 9.1 update: r12.2

Vendor	Ivanti (`40b984ad-e54c-5e1b-9aa1-2a4cd4d61129`)
Product	Connect Secure (`61f5b622-21c4-5d14-b120-bd5f32132cfb`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-0283`	vulnerable	2026-06-03 14:58:31.935160	Details available HIGH (7) A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges. Published: 2025-01-08T22:15:59.822Z Updated: 2026-02-26T19:09:31.728Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-9420`	vulnerable	2026-06-03 14:58:21.229666	Details available A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution Published: 2024-11-12T15:57:24.947Z Updated: 2025-03-13T15:31:10.970Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-37404`	vulnerable	2026-06-03 14:56:06.506295	Details available CRITICAL (9.1) Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote code execution. Published: 2024-10-18T23:06:49.502Z Updated: 2024-10-21T17:22:47.072Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-and-Policy-Secure-CVE-2024-37404	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-41719`	vulnerable	2026-06-03 14:52:52.197497	Details available HIGH (7.2) A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution. Published: 2023-12-14T01:56:44.867Z Updated: 2024-08-02T19:01:35.464Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/Security-patch-release-Ivanti-Connect-Secure-22-6R2-and-22-6R2-1?language=en_US	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-39340`	vulnerable	2026-06-03 14:52:38.725347	Details available HIGH (7.5) A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the appliance. Published: 2023-12-16T01:49:21.623Z Updated: 2024-11-27T15:14:36.145Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/Security-fix-release-Ivanti-Connect-Secure-22-6R2-and-22-6R2-1?language=en_US	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-35258`	vulnerable	2026-06-03 14:47:37.832972	Details available An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1. Published: 2022-12-05T00:00:00.000Z Updated: 2024-08-03T09:29:17.434Z Open on db.gcve.eu Reference links https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA45520/?kA23Z000000GH5OSAW	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-35254`	vulnerable	2026-06-03 14:47:37.787229	Details available An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1. Published: 2022-12-05T00:00:00.000Z Updated: 2025-04-24T14:43:33.701Z Open on db.gcve.eu Reference links https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA45520/?kA23Z000000GH5OSAW	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-21826`	vulnerable	2026-06-03 14:46:13.843823	Details available Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP request sent down that connection, this means when someone loads website attacker may be able to make browser issue a POST to the application, enabling XSS. Published: 2022-09-30T16:24:25.000Z Updated: 2024-08-03T02:53:36.293Z Open on db.gcve.eu Reference links https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/Client-Side-Desync-Attack/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.