Ivanti Connect Secure 22.7 R2
Approved changes feed: RSS · Atom
cpe:2.3:a:ivanti:connect_secure:22.7:r2:*:*:*:*:*:*
part: a version: 22.7 update: r2
| Vendor | Ivanti (40b984ad-e54c-5e1b-9aa1-2a4cd4d61129) |
|---|---|
| Product | Connect Secure (61f5b622-21c4-5d14-b120-bd5f32132cfb) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-8712 |
vulnerable | 2026-06-03 15:13:44.584538 |
Details available
MEDIUM (5.4)
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure restricted settings.
Published: 2025-09-09T15:12:38.985Z
Updated: 2025-09-10T17:25:48.443Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-8711 |
vulnerable | 2026-06-03 15:13:44.562690 |
Details available
MEDIUM (5.4)
CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to execute limited actions on behalf of the victim user. User interaction is required.
Published: 2025-09-09T15:17:25.292Z
Updated: 2025-09-09T17:32:23.793Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-5468 |
vulnerable | 2026-06-03 15:07:53.684818 |
Details available
MEDIUM (5.5)
Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a local authenticated attacker to read arbitrary files on disk.
Published: 2025-08-12T15:05:23.222Z
Updated: 2025-08-12T18:58:34.165Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-5466 |
vulnerable | 2026-06-03 15:07:53.664608 |
Details available
MEDIUM (4.9)
XEE in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to trigger a denial of service
Published: 2025-08-12T15:00:05.978Z
Updated: 2025-08-12T19:00:58.665Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-5464 |
vulnerable | 2026-06-03 15:07:53.662521 |
Details available
MEDIUM (6.5)
Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 allows a local authenticated attacker to obtain that information.
Published: 2025-07-08T15:32:32.212Z
Updated: 2025-07-08T15:57:58.608Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-5463 |
vulnerable | 2026-06-03 15:07:53.655397 |
Details available
MEDIUM (5.5)
Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a local authenticated attacker to obtain that information.
Published: 2025-07-08T15:02:38.657Z
Updated: 2025-07-08T20:39:29.302Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-5462 |
vulnerable | 2026-06-03 15:07:53.653441 |
Details available
HIGH (7.5)
A heap-based buffer overflow in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to trigger a denial of service.
Published: 2025-08-12T14:56:19.798Z
Updated: 2025-08-12T15:08:46.265Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-5456 |
vulnerable | 2026-06-03 15:07:53.637419 |
Details available
HIGH (7.5)
A buffer over-read vulnerability in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to trigger a denial of service. CWE-125
Published: 2025-08-12T14:50:46.329Z
Updated: 2025-08-12T15:05:53.651Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-5451 |
vulnerable | 2026-06-03 15:07:53.335932 |
Details available
MEDIUM (4.9)
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to trigger a denial of service.
Published: 2025-07-08T15:02:00.522Z
Updated: 2025-07-08T20:43:37.606Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-5450 |
vulnerable | 2026-06-03 15:07:53.319985 |
Details available
MEDIUM (6.3)
Improper access control in the certificate management component of Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated admin with read-only rights to modify settings that should be restricted.
Published: 2025-07-08T15:00:02.314Z
Updated: 2025-07-08T20:42:58.412Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55148 |
vulnerable | 2026-06-03 15:04:57.766707 |
Details available
HIGH (7.6)
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure restricted settings.
Published: 2025-09-09T15:37:45.415Z
Updated: 2025-09-09T17:31:58.340Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55147 |
vulnerable | 2026-06-03 15:04:57.764939 |
Details available
HIGH (8.8)
CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to execute sensitive actions on behalf of the victim user. User interaction is required
Published: 2025-09-09T15:32:25.940Z
Updated: 2026-02-26T17:49:03.552Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55146 |
vulnerable | 2026-06-03 15:04:57.762521 |
Details available
MEDIUM (4.9)
An unchecked return value in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to trigger a denial of service.
Published: 2025-09-09T15:28:10.038Z
Updated: 2025-09-09T17:32:12.057Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55145 |
vulnerable | 2026-06-03 15:04:57.760812 |
Details available
HIGH (8.9)
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker to hijack existing HTML5 connections.
Published: 2025-09-09T15:22:05.340Z
Updated: 2026-02-26T17:49:03.893Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55144 |
vulnerable | 2026-06-03 15:04:57.741772 |
Details available
MEDIUM (5.4)
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure restricted settings.
Published: 2025-09-09T15:55:30.629Z
Updated: 2025-09-09T17:31:23.981Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55143 |
vulnerable | 2026-06-03 15:04:57.740034 |
Details available
MEDIUM (6.1)
Reflected text injection in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to inject arbitrary text into a crafted HTTP response. User interaction is required.
Published: 2025-09-09T15:52:50.837Z
Updated: 2025-09-09T17:31:30.593Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55142 |
vulnerable | 2026-06-03 15:04:57.738209 |
Details available
HIGH (8.8)
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure authentication related settings.
Published: 2025-09-09T15:49:20.192Z
Updated: 2026-02-26T17:49:02.701Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55141 |
vulnerable | 2026-06-03 15:04:57.735260 |
Details available
HIGH (8.8)
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure authentication related settings.
Published: 2025-09-09T15:45:52.822Z
Updated: 2026-02-26T17:49:02.944Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55139 |
vulnerable | 2026-06-03 15:04:57.718632 |
Details available
MEDIUM (6.8)
SSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to enumerate internal services.
Published: 2025-09-09T15:41:16.568Z
Updated: 2025-09-09T17:31:52.640Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-22467 |
vulnerable | 2026-06-03 14:59:40.030760 |
Details available
CRITICAL (9.9)
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution.
Published: 2025-02-11T15:20:16.514Z
Updated: 2026-02-26T19:09:18.525Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-22457 |
vulnerable | 2026-06-03 14:59:39.991041 |
Details available
CRITICAL (9)
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.
Published: 2025-04-03T15:20:23.628Z
Updated: 2026-02-26T18:28:57.480Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-0293 |
vulnerable | 2026-06-03 14:58:32.011601 |
Details available
MEDIUM (6.6)
CLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk.
Published: 2025-07-08T15:33:05.165Z
Updated: 2025-07-08T16:02:46.037Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-0292 |
vulnerable | 2026-06-03 14:58:32.004732 |
Details available
MEDIUM (5.5)
SSRF in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to access internal network services.
Published: 2025-07-08T15:33:24.245Z
Updated: 2025-07-09T20:48:09.166Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-0283 |
vulnerable | 2026-06-03 14:58:31.953924 |
Details available
HIGH (7)
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges.
Published: 2025-01-08T22:15:59.822Z
Updated: 2026-02-26T19:09:31.728Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-0282 |
vulnerable | 2026-06-03 14:58:31.917704 |
Details available
CRITICAL (9)
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
Published: 2025-01-08T22:15:09.386Z
Updated: 2025-10-21T22:55:33.039Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-9844 |
vulnerable | 2026-06-03 14:58:22.716574 |
Details available
HIGH (7.1)
Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker to bypass restrictions.
Published: 2024-12-10T18:46:56.314Z
Updated: 2024-12-10T20:39:59.067Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-9420 |
vulnerable | 2026-06-03 14:58:21.257867 |
Details available
A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9
and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution
Published: 2024-11-12T15:57:24.947Z
Updated: 2025-03-13T15:31:10.970Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-8495 |
vulnerable | 2026-06-03 14:58:18.575872 |
Details available
HIGH (7.5)
A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service.
Published: 2024-11-12T16:04:41.257Z
Updated: 2024-11-19T17:11:47.014Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-47909 |
vulnerable | 2026-06-03 14:57:02.616664 |
Details available
MEDIUM (4.9)
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.
Published: 2024-11-12T16:02:28.451Z
Updated: 2024-11-19T17:10:28.514Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-47907 |
vulnerable | 2026-06-03 14:57:02.612960 |
Details available
HIGH (7.5)
A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.
Published: 2024-11-12T16:00:49.792Z
Updated: 2024-11-12T20:02:31.143Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-47906 |
vulnerable | 2026-06-03 14:57:02.608548 |
Details available
HIGH (7.8)
Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges.
Published: 2024-11-12T15:59:53.269Z
Updated: 2024-11-22T16:31:00.963Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-47905 |
vulnerable | 2026-06-03 14:57:02.604813 |
Details available
MEDIUM (4.9)
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.
Published: 2024-11-12T15:56:13.827Z
Updated: 2024-11-12T18:35:42.210Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-39712 |
vulnerable | 2026-06-03 14:56:22.265961 |
Details available
CRITICAL (9.1)
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-13T01:54:45.518Z
Updated: 2024-12-01T18:25:55.739Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-39711 |
vulnerable | 2026-06-03 14:56:22.265207 |
Details available
CRITICAL (9.1)
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-13T01:54:45.452Z
Updated: 2024-12-01T18:25:55.769Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-39710 |
vulnerable | 2026-06-03 14:56:22.264587 |
Details available
CRITICAL (9.1)
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-13T01:54:45.384Z
Updated: 2024-12-01T18:25:55.773Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-38657 |
vulnerable | 2026-06-03 14:56:19.241778 |
Details available
CRITICAL (9.1)
External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write arbitrary files.
Published: 2025-02-21T01:25:43.552Z
Updated: 2025-02-21T15:51:34.076Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-38656 |
vulnerable | 2026-06-03 14:56:19.240976 |
Details available
CRITICAL (9.1)
Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-13T01:54:45.445Z
Updated: 2024-12-01T18:25:55.799Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-38655 |
vulnerable | 2026-06-03 14:56:19.234918 |
Details available
CRITICAL (9.1)
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.1 and 9.1R18.9 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-13T01:54:45.595Z
Updated: 2024-11-23T21:06:07.435Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-38649 |
vulnerable | 2026-06-03 14:56:19.210282 |
Details available
HIGH (7.5)
An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1(Not Applicable to 9.1Rx) allows a remote unauthenticated attacker to cause a denial of service.
Published: 2024-11-13T01:54:45.457Z
Updated: 2024-11-23T21:06:04.739Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37404 |
vulnerable | 2026-06-03 14:56:06.532915 |
Details available
CRITICAL (9.1)
Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote code execution.
Published: 2024-10-18T23:06:49.502Z
Updated: 2024-10-21T17:22:47.072Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37401 |
vulnerable | 2026-06-03 14:56:06.493260 |
Details available
HIGH (7.5)
An out-of-bounds read in IPsec of Ivanti Connect Secure before version 22.7R2.1 allows a remote unauthenticated attacker to cause a denial of service.
Published: 2024-12-11T18:52:27.527Z
Updated: 2024-12-12T14:39:24.747Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37400 |
vulnerable | 2026-06-03 14:56:06.490593 |
Details available
HIGH (7.5)
An out of bounds read in Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to trigger an infinite loop, causing a denial of service.
Published: 2024-11-13T01:54:45.506Z
Updated: 2024-11-13T16:57:19.557Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37377 |
vulnerable | 2026-06-03 14:56:06.429279 |
Details available
HIGH (7.5)
A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.
Published: 2024-12-11T18:52:27.462Z
Updated: 2024-12-12T14:46:24.352Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13843 |
vulnerable | 2026-06-03 14:54:25.562641 |
Details available
MEDIUM (6)
Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.
Published: 2025-02-11T15:26:32.029Z
Updated: 2025-02-11T16:00:53.016Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13842 |
vulnerable | 2026-06-03 14:54:25.561918 |
Details available
MEDIUM (6)
A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.
Published: 2025-02-11T15:25:49.528Z
Updated: 2025-02-11T16:00:24.402Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13830 |
vulnerable | 2026-06-03 14:54:25.534506 |
Details available
MEDIUM (6.1)
Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.
Published: 2025-02-11T15:22:15.945Z
Updated: 2025-02-11T15:35:20.726Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-12058 |
vulnerable | 2026-06-03 14:54:15.501144 |
Details available
MEDIUM (6.8)
External control of a file name in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to read arbitrary files.
Published: 2025-02-11T15:21:18.279Z
Updated: 2025-02-11T15:35:20.850Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-11634 |
vulnerable | 2026-06-03 14:54:14.518713 |
Details available
CRITICAL (9.1)
Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. (Not applicable to 9.1Rx)
Published: 2024-12-10T18:48:29.024Z
Updated: 2024-12-14T04:55:16.905Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-11633 |
vulnerable | 2026-06-03 14:54:14.518089 |
Details available
CRITICAL (9.1)
Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution
Published: 2024-12-10T18:47:55.575Z
Updated: 2024-12-14T04:55:15.649Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-11007 |
vulnerable | 2026-06-03 14:54:13.148082 |
Details available
CRITICAL (9.1)
Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-12T16:05:26.487Z
Updated: 2024-11-22T16:32:05.425Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-11006 |
vulnerable | 2026-06-03 14:54:13.147108 |
Details available
CRITICAL (9.1)
Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-12T16:06:16.240Z
Updated: 2024-11-22T16:32:34.967Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-11005 |
vulnerable | 2026-06-03 14:54:13.140757 |
Details available
CRITICAL (9.1)
Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-12T16:07:45.350Z
Updated: 2024-11-22T16:33:10.013Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-11004 |
vulnerable | 2026-06-03 14:54:13.139830 |
Details available
MEDIUM (6.1)
Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.
Published: 2024-11-12T16:09:19.437Z
Updated: 2025-04-04T14:34:21.002Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-10644 |
vulnerable | 2026-06-03 14:54:12.242683 |
Details available
CRITICAL (9.1)
Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2025-02-11T15:20:46.680Z
Updated: 2026-02-26T19:09:17.981Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.