Ivanti Connect Secure 9.1 R5.0
Approved changes feed: RSS · Atom
cpe:2.3:a:ivanti:connect_secure:9.1:r5.0:*:*:*:*:*:*
part: a version: 9.1 update: r5.0
| Vendor | Ivanti (40b984ad-e54c-5e1b-9aa1-2a4cd4d61129) |
|---|---|
| Product | Connect Secure (61f5b622-21c4-5d14-b120-bd5f32132cfb) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-9420 |
vulnerable | 2026-06-03 14:58:21.248703 |
Details available
A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9
and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution
Published: 2024-11-12T15:57:24.947Z
Updated: 2025-03-13T15:31:10.970Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-39340 |
vulnerable | 2026-06-03 14:52:38.739235 |
Details available
HIGH (7.5)
A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the appliance.
Published: 2023-12-16T01:49:21.623Z
Updated: 2024-11-27T15:14:36.145Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-35258 |
vulnerable | 2026-06-03 14:47:37.833260 |
Details available
An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.
Published: 2022-12-05T00:00:00.000Z
Updated: 2024-08-03T09:29:17.434Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-35254 |
vulnerable | 2026-06-03 14:47:37.795944 |
Details available
An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.
Published: 2022-12-05T00:00:00.000Z
Updated: 2025-04-24T14:43:33.701Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-21826 |
vulnerable | 2026-06-03 14:46:13.850639 |
Details available
Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP request sent down that connection, this means when someone loads website attacker may be able to make browser issue a POST to the application, enabling XSS.
Published: 2022-09-30T16:24:25.000Z
Updated: 2024-08-03T02:53:36.293Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-22938 |
vulnerable | 2026-06-03 14:43:54.379466 |
Details available
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console.
Published: 2021-08-16T18:38:43.000Z
Updated: 2024-08-03T18:58:25.945Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-22937 |
vulnerable | 2026-06-03 14:43:54.378827 |
Details available
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface.
Published: 2021-08-16T18:38:54.000Z
Updated: 2024-08-03T18:58:25.940Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-22936 |
vulnerable | 2026-06-03 14:43:54.378293 |
Details available
A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter.
Published: 2021-08-16T18:38:52.000Z
Updated: 2024-08-03T18:58:25.950Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-22935 |
vulnerable | 2026-06-03 14:43:54.377737 |
Details available
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter.
Published: 2021-08-16T18:38:49.000Z
Updated: 2024-08-03T18:58:26.102Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-22934 |
vulnerable | 2026-06-03 14:43:54.377161 |
Details available
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflow via a malicious crafted web request.
Published: 2021-08-16T18:38:45.000Z
Updated: 2024-08-03T18:58:25.866Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-22933 |
vulnerable | 2026-06-03 14:43:54.374585 |
Details available
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request.
Published: 2021-08-16T18:38:41.000Z
Updated: 2024-08-03T18:58:25.969Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-8260 |
vulnerable | 2026-06-03 14:43:08.527333 |
Details available
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction.
Published: 2020-10-28T12:47:13.000Z
Updated: 2025-10-21T23:35:34.332Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.