Ivanti Connect Secure 9.1 R18.7

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:ivanti:connect_secure:9.1:r18.7:*:*:*:*:*:*

part: a version: 9.1 update: r18.7

VendorIvanti (40b984ad-e54c-5e1b-9aa1-2a4cd4d61129)
ProductConnect Secure (61f5b622-21c4-5d14-b120-bd5f32132cfb)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-0283 vulnerable 2026-06-03 14:58:31.944720 Details available
HIGH (7)
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges.
Published: 2025-01-08T22:15:59.822Z
Updated: 2026-02-26T19:09:31.728Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-9420 vulnerable 2026-06-03 14:58:21.241095 Details available
A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution
Published: 2024-11-12T15:57:24.947Z
Updated: 2025-03-13T15:31:10.970Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-37404 vulnerable 2026-06-03 14:56:06.520485 Details available
CRITICAL (9.1)
Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote code execution.
Published: 2024-10-18T23:06:49.502Z
Updated: 2024-10-21T17:22:47.072Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.