Connect Secure
Approved changes feed: RSS · Atom
cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Ivanti (40b984ad-e54c-5e1b-9aa1-2a4cd4d61129) |
|---|---|
| Product | Connect Secure (61f5b622-21c4-5d14-b120-bd5f32132cfb) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-8712 |
vulnerable | 2026-06-03 15:13:44.584107 |
Details available
MEDIUM (5.4)
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure restricted settings.
Published: 2025-09-09T15:12:38.985Z
Updated: 2025-09-10T17:25:48.443Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-8711 |
vulnerable | 2026-06-03 15:13:44.555279 |
Details available
MEDIUM (5.4)
CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to execute limited actions on behalf of the victim user. User interaction is required.
Published: 2025-09-09T15:17:25.292Z
Updated: 2025-09-09T17:32:23.793Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-8711 |
not_vulnerable | 2026-06-03 15:13:44.552426 |
Details available
MEDIUM (5.4)
CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to execute limited actions on behalf of the victim user. User interaction is required.
Published: 2025-09-09T15:17:25.292Z
Updated: 2025-09-09T17:32:23.793Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-5468 |
vulnerable | 2026-06-03 15:07:53.684301 |
Details available
MEDIUM (5.5)
Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a local authenticated attacker to read arbitrary files on disk.
Published: 2025-08-12T15:05:23.222Z
Updated: 2025-08-12T18:58:34.165Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-5468 |
not_vulnerable | 2026-06-03 15:07:53.683904 |
Details available
MEDIUM (5.5)
Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a local authenticated attacker to read arbitrary files on disk.
Published: 2025-08-12T15:05:23.222Z
Updated: 2025-08-12T18:58:34.165Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-5466 |
vulnerable | 2026-06-03 15:07:53.664119 |
Details available
MEDIUM (4.9)
XEE in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to trigger a denial of service
Published: 2025-08-12T15:00:05.978Z
Updated: 2025-08-12T19:00:58.665Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-5466 |
not_vulnerable | 2026-06-03 15:07:53.663816 |
Details available
MEDIUM (4.9)
XEE in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to trigger a denial of service
Published: 2025-08-12T15:00:05.978Z
Updated: 2025-08-12T19:00:58.665Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-5464 |
vulnerable | 2026-06-03 15:07:53.662131 |
Details available
MEDIUM (6.5)
Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 allows a local authenticated attacker to obtain that information.
Published: 2025-07-08T15:32:32.212Z
Updated: 2025-07-08T15:57:58.608Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-5464 |
not_vulnerable | 2026-06-03 15:07:53.662091 |
Details available
MEDIUM (6.5)
Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 allows a local authenticated attacker to obtain that information.
Published: 2025-07-08T15:32:32.212Z
Updated: 2025-07-08T15:57:58.608Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-5463 |
vulnerable | 2026-06-03 15:07:53.655108 |
Details available
MEDIUM (5.5)
Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a local authenticated attacker to obtain that information.
Published: 2025-07-08T15:02:38.657Z
Updated: 2025-07-08T20:39:29.302Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-5463 |
not_vulnerable | 2026-06-03 15:07:53.655050 |
Details available
MEDIUM (5.5)
Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a local authenticated attacker to obtain that information.
Published: 2025-07-08T15:02:38.657Z
Updated: 2025-07-08T20:39:29.302Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-5462 |
vulnerable | 2026-06-03 15:07:53.652929 |
Details available
HIGH (7.5)
A heap-based buffer overflow in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to trigger a denial of service.
Published: 2025-08-12T14:56:19.798Z
Updated: 2025-08-12T15:08:46.265Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-5462 |
not_vulnerable | 2026-06-03 15:07:53.652644 |
Details available
HIGH (7.5)
A heap-based buffer overflow in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to trigger a denial of service.
Published: 2025-08-12T14:56:19.798Z
Updated: 2025-08-12T15:08:46.265Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-5456 |
vulnerable | 2026-06-03 15:07:53.636852 |
Details available
HIGH (7.5)
A buffer over-read vulnerability in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to trigger a denial of service. CWE-125
Published: 2025-08-12T14:50:46.329Z
Updated: 2025-08-12T15:05:53.651Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-5456 |
not_vulnerable | 2026-06-03 15:07:53.616167 |
Details available
HIGH (7.5)
A buffer over-read vulnerability in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to trigger a denial of service. CWE-125
Published: 2025-08-12T14:50:46.329Z
Updated: 2025-08-12T15:05:53.651Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-5451 |
not_vulnerable | 2026-06-03 15:07:53.333351 |
Details available
MEDIUM (4.9)
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to trigger a denial of service.
Published: 2025-07-08T15:02:00.522Z
Updated: 2025-07-08T20:43:37.606Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-5450 |
vulnerable | 2026-06-03 15:07:53.306637 |
Details available
MEDIUM (6.3)
Improper access control in the certificate management component of Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated admin with read-only rights to modify settings that should be restricted.
Published: 2025-07-08T15:00:02.314Z
Updated: 2025-07-08T20:42:58.412Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-5450 |
not_vulnerable | 2026-06-03 15:07:53.304946 |
Details available
MEDIUM (6.3)
Improper access control in the certificate management component of Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated admin with read-only rights to modify settings that should be restricted.
Published: 2025-07-08T15:00:02.314Z
Updated: 2025-07-08T20:42:58.412Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55148 |
vulnerable | 2026-06-03 15:04:57.766338 |
Details available
HIGH (7.6)
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure restricted settings.
Published: 2025-09-09T15:37:45.415Z
Updated: 2025-09-09T17:31:58.340Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55148 |
not_vulnerable | 2026-06-03 15:04:57.766113 |
Details available
HIGH (7.6)
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure restricted settings.
Published: 2025-09-09T15:37:45.415Z
Updated: 2025-09-09T17:31:58.340Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55147 |
vulnerable | 2026-06-03 15:04:57.764457 |
Details available
HIGH (8.8)
CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to execute sensitive actions on behalf of the victim user. User interaction is required
Published: 2025-09-09T15:32:25.940Z
Updated: 2026-02-26T17:49:03.552Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55147 |
not_vulnerable | 2026-06-03 15:04:57.764177 |
Details available
HIGH (8.8)
CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to execute sensitive actions on behalf of the victim user. User interaction is required
Published: 2025-09-09T15:32:25.940Z
Updated: 2026-02-26T17:49:03.552Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55146 |
vulnerable | 2026-06-03 15:04:57.762146 |
Details available
MEDIUM (4.9)
An unchecked return value in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to trigger a denial of service.
Published: 2025-09-09T15:28:10.038Z
Updated: 2025-09-09T17:32:12.057Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55146 |
not_vulnerable | 2026-06-03 15:04:57.762050 |
Details available
MEDIUM (4.9)
An unchecked return value in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to trigger a denial of service.
Published: 2025-09-09T15:28:10.038Z
Updated: 2025-09-09T17:32:12.057Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55145 |
vulnerable | 2026-06-03 15:04:57.760523 |
Details available
HIGH (8.9)
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker to hijack existing HTML5 connections.
Published: 2025-09-09T15:22:05.340Z
Updated: 2026-02-26T17:49:03.893Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55144 |
vulnerable | 2026-06-03 15:04:57.741408 |
Details available
MEDIUM (5.4)
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure restricted settings.
Published: 2025-09-09T15:55:30.629Z
Updated: 2025-09-09T17:31:23.981Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55144 |
not_vulnerable | 2026-06-03 15:04:57.741086 |
Details available
MEDIUM (5.4)
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure restricted settings.
Published: 2025-09-09T15:55:30.629Z
Updated: 2025-09-09T17:31:23.981Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55143 |
vulnerable | 2026-06-03 15:04:57.739668 |
Details available
MEDIUM (6.1)
Reflected text injection in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to inject arbitrary text into a crafted HTTP response. User interaction is required.
Published: 2025-09-09T15:52:50.837Z
Updated: 2025-09-09T17:31:30.593Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55143 |
not_vulnerable | 2026-06-03 15:04:57.739558 |
Details available
MEDIUM (6.1)
Reflected text injection in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to inject arbitrary text into a crafted HTTP response. User interaction is required.
Published: 2025-09-09T15:52:50.837Z
Updated: 2025-09-09T17:31:30.593Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55142 |
vulnerable | 2026-06-03 15:04:57.737569 |
Details available
HIGH (8.8)
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure authentication related settings.
Published: 2025-09-09T15:49:20.192Z
Updated: 2026-02-26T17:49:02.701Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55142 |
not_vulnerable | 2026-06-03 15:04:57.737457 |
Details available
HIGH (8.8)
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure authentication related settings.
Published: 2025-09-09T15:49:20.192Z
Updated: 2026-02-26T17:49:02.701Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55141 |
vulnerable | 2026-06-03 15:04:57.734973 |
Details available
HIGH (8.8)
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure authentication related settings.
Published: 2025-09-09T15:45:52.822Z
Updated: 2026-02-26T17:49:02.944Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55141 |
not_vulnerable | 2026-06-03 15:04:57.734484 |
Details available
HIGH (8.8)
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure authentication related settings.
Published: 2025-09-09T15:45:52.822Z
Updated: 2026-02-26T17:49:02.944Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55139 |
vulnerable | 2026-06-03 15:04:57.712793 |
Details available
MEDIUM (6.8)
SSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to enumerate internal services.
Published: 2025-09-09T15:41:16.568Z
Updated: 2025-09-09T17:31:52.640Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55139 |
not_vulnerable | 2026-06-03 15:04:57.707327 |
Details available
MEDIUM (6.8)
SSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to enumerate internal services.
Published: 2025-09-09T15:41:16.568Z
Updated: 2025-09-09T17:31:52.640Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-22467 |
vulnerable | 2026-06-03 14:59:40.030427 |
Details available
CRITICAL (9.9)
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution.
Published: 2025-02-11T15:20:16.514Z
Updated: 2026-02-26T19:09:18.525Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-22467 |
not_vulnerable | 2026-06-03 14:59:40.030388 |
Details available
CRITICAL (9.9)
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution.
Published: 2025-02-11T15:20:16.514Z
Updated: 2026-02-26T19:09:18.525Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-22457 |
not_vulnerable | 2026-06-03 14:59:39.982643 |
Details available
CRITICAL (9)
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.
Published: 2025-04-03T15:20:23.628Z
Updated: 2026-02-26T18:28:57.480Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-0293 |
vulnerable | 2026-06-03 14:58:32.011285 |
Details available
MEDIUM (6.6)
CLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk.
Published: 2025-07-08T15:33:05.165Z
Updated: 2025-07-08T16:02:46.037Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-0293 |
not_vulnerable | 2026-06-03 14:58:32.011110 |
Details available
MEDIUM (6.6)
CLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk.
Published: 2025-07-08T15:33:05.165Z
Updated: 2025-07-08T16:02:46.037Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-0292 |
vulnerable | 2026-06-03 14:58:32.004223 |
Details available
MEDIUM (5.5)
SSRF in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to access internal network services.
Published: 2025-07-08T15:33:24.245Z
Updated: 2025-07-09T20:48:09.166Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-0292 |
not_vulnerable | 2026-06-03 14:58:32.004025 |
Details available
MEDIUM (5.5)
SSRF in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to access internal network services.
Published: 2025-07-08T15:33:24.245Z
Updated: 2025-07-09T20:48:09.166Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-0283 |
vulnerable | 2026-06-03 14:58:31.925408 |
Details available
HIGH (7)
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges.
Published: 2025-01-08T22:15:59.822Z
Updated: 2026-02-26T19:09:31.728Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-0283 |
not_vulnerable | 2026-06-03 14:58:31.925048 |
Details available
HIGH (7)
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges.
Published: 2025-01-08T22:15:59.822Z
Updated: 2026-02-26T19:09:31.728Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-0282 |
vulnerable | 2026-06-03 14:58:31.914695 |
Details available
CRITICAL (9)
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
Published: 2025-01-08T22:15:09.386Z
Updated: 2025-10-21T22:55:33.039Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-9844 |
vulnerable | 2026-06-03 14:58:22.715958 |
Details available
HIGH (7.1)
Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker to bypass restrictions.
Published: 2024-12-10T18:46:56.314Z
Updated: 2024-12-10T20:39:59.067Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-9844 |
not_vulnerable | 2026-06-03 14:58:22.715915 |
Details available
HIGH (7.1)
Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker to bypass restrictions.
Published: 2024-12-10T18:46:56.314Z
Updated: 2024-12-10T20:39:59.067Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-9420 |
vulnerable | 2026-06-03 14:58:21.218134 |
Details available
A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9
and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution
Published: 2024-11-12T15:57:24.947Z
Updated: 2025-03-13T15:31:10.970Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-9420 |
not_vulnerable | 2026-06-03 14:58:21.217988 |
Details available
A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9
and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution
Published: 2024-11-12T15:57:24.947Z
Updated: 2025-03-13T15:31:10.970Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-8495 |
vulnerable | 2026-06-03 14:58:18.570182 |
Details available
HIGH (7.5)
A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service.
Published: 2024-11-12T16:04:41.257Z
Updated: 2024-11-19T17:11:47.014Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-8495 |
not_vulnerable | 2026-06-03 14:58:18.569296 |
Details available
HIGH (7.5)
A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service.
Published: 2024-11-12T16:04:41.257Z
Updated: 2024-11-19T17:11:47.014Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-47909 |
vulnerable | 2026-06-03 14:57:02.616522 |
Details available
MEDIUM (4.9)
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.
Published: 2024-11-12T16:02:28.451Z
Updated: 2024-11-19T17:10:28.514Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-47909 |
not_vulnerable | 2026-06-03 14:57:02.616459 |
Details available
MEDIUM (4.9)
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.
Published: 2024-11-12T16:02:28.451Z
Updated: 2024-11-19T17:10:28.514Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-47907 |
vulnerable | 2026-06-03 14:57:02.612812 |
Details available
HIGH (7.5)
A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.
Published: 2024-11-12T16:00:49.792Z
Updated: 2024-11-12T20:02:31.143Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-47907 |
not_vulnerable | 2026-06-03 14:57:02.612785 |
Details available
HIGH (7.5)
A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.
Published: 2024-11-12T16:00:49.792Z
Updated: 2024-11-12T20:02:31.143Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-47906 |
vulnerable | 2026-06-03 14:57:02.608218 |
Details available
HIGH (7.8)
Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges.
Published: 2024-11-12T15:59:53.269Z
Updated: 2024-11-22T16:31:00.963Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-47905 |
vulnerable | 2026-06-03 14:57:02.600082 |
Details available
MEDIUM (4.9)
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.
Published: 2024-11-12T15:56:13.827Z
Updated: 2024-11-12T18:35:42.210Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-47905 |
not_vulnerable | 2026-06-03 14:57:02.599141 |
Details available
MEDIUM (4.9)
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.
Published: 2024-11-12T15:56:13.827Z
Updated: 2024-11-12T18:35:42.210Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-39712 |
vulnerable | 2026-06-03 14:56:22.265609 |
Details available
CRITICAL (9.1)
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-13T01:54:45.518Z
Updated: 2024-12-01T18:25:55.739Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-39711 |
vulnerable | 2026-06-03 14:56:22.265018 |
Details available
CRITICAL (9.1)
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-13T01:54:45.452Z
Updated: 2024-12-01T18:25:55.769Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-39710 |
vulnerable | 2026-06-03 14:56:22.264379 |
Details available
CRITICAL (9.1)
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-13T01:54:45.384Z
Updated: 2024-12-01T18:25:55.773Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-39709 |
vulnerable | 2026-06-03 14:56:22.259639 |
Details available
HIGH (7.8)
Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1 (Not Applicable to 9.1Rx) allow a local authenticated attacker to escalate their privileges.
Published: 2024-11-13T01:54:45.448Z
Updated: 2024-11-23T21:06:04.916Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-38657 |
vulnerable | 2026-06-03 14:56:19.241516 |
Details available
CRITICAL (9.1)
External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write arbitrary files.
Published: 2025-02-21T01:25:43.552Z
Updated: 2025-02-21T15:51:34.076Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-38656 |
vulnerable | 2026-06-03 14:56:19.240801 |
Details available
CRITICAL (9.1)
Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-13T01:54:45.445Z
Updated: 2024-12-01T18:25:55.799Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-38655 |
vulnerable | 2026-06-03 14:56:19.233830 |
Details available
CRITICAL (9.1)
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.1 and 9.1R18.9 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-13T01:54:45.595Z
Updated: 2024-11-23T21:06:07.435Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-38649 |
vulnerable | 2026-06-03 14:56:19.204772 |
Details available
HIGH (7.5)
An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1(Not Applicable to 9.1Rx) allows a remote unauthenticated attacker to cause a denial of service.
Published: 2024-11-13T01:54:45.457Z
Updated: 2024-11-23T21:06:04.739Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37404 |
vulnerable | 2026-06-03 14:56:06.498258 |
Details available
CRITICAL (9.1)
Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote code execution.
Published: 2024-10-18T23:06:49.502Z
Updated: 2024-10-21T17:22:47.072Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37401 |
vulnerable | 2026-06-03 14:56:06.490991 |
Details available
HIGH (7.5)
An out-of-bounds read in IPsec of Ivanti Connect Secure before version 22.7R2.1 allows a remote unauthenticated attacker to cause a denial of service.
Published: 2024-12-11T18:52:27.527Z
Updated: 2024-12-12T14:39:24.747Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37400 |
vulnerable | 2026-06-03 14:56:06.490433 |
Details available
HIGH (7.5)
An out of bounds read in Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to trigger an infinite loop, causing a denial of service.
Published: 2024-11-13T01:54:45.506Z
Updated: 2024-11-13T16:57:19.557Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37377 |
vulnerable | 2026-06-03 14:56:06.424353 |
Details available
HIGH (7.5)
A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.
Published: 2024-12-11T18:52:27.462Z
Updated: 2024-12-12T14:46:24.352Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-29205 |
vulnerable | 2026-06-03 14:55:27.051241 |
Details available
HIGH (7.5)
An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a remote unauthenticated attacker to send specially crafted requests in-order-to cause service disruptions.
Published: 2024-04-24T23:12:51.923Z
Updated: 2024-10-03T21:30:48.706Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-22053 |
vulnerable | 2026-06-03 14:54:59.541253 |
Details available
HIGH (8.2)
A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x
22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack or in certain conditions read contents from memory.
Published: 2024-04-04T19:45:10.175Z
Updated: 2024-10-03T21:40:00.903Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-22052 |
vulnerable | 2026-06-03 14:54:59.538652 |
Details available
HIGH (7.5)
A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack
Published: 2024-04-04T19:45:10.169Z
Updated: 2024-10-03T21:40:23.298Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-22023 |
vulnerable | 2026-06-03 14:54:59.319245 |
Details available
MEDIUM (5.3)
An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporarily cause resource exhaustion thereby resulting in a limited-time DoS.
Published: 2024-04-04T19:45:10.162Z
Updated: 2024-10-03T21:38:58.416Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-21894 |
vulnerable | 2026-06-03 14:54:51.194338 |
Details available
HIGH (8.2)
A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In certain conditions this may lead to execution of arbitrary code
Published: 2024-04-04T22:16:29.330Z
Updated: 2024-10-03T21:43:40.315Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13843 |
vulnerable | 2026-06-03 14:54:25.562521 |
Details available
MEDIUM (6)
Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.
Published: 2025-02-11T15:26:32.029Z
Updated: 2025-02-11T16:00:53.016Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13843 |
not_vulnerable | 2026-06-03 14:54:25.562467 |
Details available
MEDIUM (6)
Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.
Published: 2025-02-11T15:26:32.029Z
Updated: 2025-02-11T16:00:53.016Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13842 |
vulnerable | 2026-06-03 14:54:25.561518 |
Details available
MEDIUM (6)
A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.
Published: 2025-02-11T15:25:49.528Z
Updated: 2025-02-11T16:00:24.402Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13842 |
not_vulnerable | 2026-06-03 14:54:25.561452 |
Details available
MEDIUM (6)
A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.
Published: 2025-02-11T15:25:49.528Z
Updated: 2025-02-11T16:00:24.402Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13830 |
vulnerable | 2026-06-03 14:54:25.529892 |
Details available
MEDIUM (6.1)
Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.
Published: 2025-02-11T15:22:15.945Z
Updated: 2025-02-11T15:35:20.726Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13830 |
not_vulnerable | 2026-06-03 14:54:25.529136 |
Details available
MEDIUM (6.1)
Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.
Published: 2025-02-11T15:22:15.945Z
Updated: 2025-02-11T15:35:20.726Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-12058 |
not_vulnerable | 2026-06-03 14:54:15.499238 |
Details available
MEDIUM (6.8)
External control of a file name in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to read arbitrary files.
Published: 2025-02-11T15:21:18.279Z
Updated: 2025-02-11T15:35:20.850Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-11634 |
vulnerable | 2026-06-03 14:54:14.518571 |
Details available
CRITICAL (9.1)
Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. (Not applicable to 9.1Rx)
Published: 2024-12-10T18:48:29.024Z
Updated: 2024-12-14T04:55:16.905Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-11634 |
not_vulnerable | 2026-06-03 14:54:14.518515 |
Details available
CRITICAL (9.1)
Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. (Not applicable to 9.1Rx)
Published: 2024-12-10T18:48:29.024Z
Updated: 2024-12-14T04:55:16.905Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-11633 |
vulnerable | 2026-06-03 14:54:14.517834 |
Details available
CRITICAL (9.1)
Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution
Published: 2024-12-10T18:47:55.575Z
Updated: 2024-12-14T04:55:15.649Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-11633 |
not_vulnerable | 2026-06-03 14:54:14.517794 |
Details available
CRITICAL (9.1)
Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution
Published: 2024-12-10T18:47:55.575Z
Updated: 2024-12-14T04:55:15.649Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-11007 |
vulnerable | 2026-06-03 14:54:13.147936 |
Details available
CRITICAL (9.1)
Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-12T16:05:26.487Z
Updated: 2024-11-22T16:32:05.425Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-11007 |
not_vulnerable | 2026-06-03 14:54:13.147894 |
Details available
CRITICAL (9.1)
Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-12T16:05:26.487Z
Updated: 2024-11-22T16:32:05.425Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-11006 |
vulnerable | 2026-06-03 14:54:13.146820 |
Details available
CRITICAL (9.1)
Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-12T16:06:16.240Z
Updated: 2024-11-22T16:32:34.967Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-11006 |
not_vulnerable | 2026-06-03 14:54:13.146769 |
Details available
CRITICAL (9.1)
Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-12T16:06:16.240Z
Updated: 2024-11-22T16:32:34.967Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-11005 |
vulnerable | 2026-06-03 14:54:13.140615 |
Details available
CRITICAL (9.1)
Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-12T16:07:45.350Z
Updated: 2024-11-22T16:33:10.013Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-11005 |
not_vulnerable | 2026-06-03 14:54:13.140574 |
Details available
CRITICAL (9.1)
Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-12T16:07:45.350Z
Updated: 2024-11-22T16:33:10.013Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-11004 |
vulnerable | 2026-06-03 14:54:13.139685 |
Details available
MEDIUM (6.1)
Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.
Published: 2024-11-12T16:09:19.437Z
Updated: 2025-04-04T14:34:21.002Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-11004 |
not_vulnerable | 2026-06-03 14:54:13.139643 |
Details available
MEDIUM (6.1)
Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.
Published: 2024-11-12T16:09:19.437Z
Updated: 2025-04-04T14:34:21.002Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-10644 |
vulnerable | 2026-06-03 14:54:12.237170 |
Details available
CRITICAL (9.1)
Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2025-02-11T15:20:46.680Z
Updated: 2026-02-26T19:09:17.981Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-10644 |
not_vulnerable | 2026-06-03 14:54:12.236157 |
Details available
CRITICAL (9.1)
Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2025-02-11T15:20:46.680Z
Updated: 2026-02-26T19:09:17.981Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-41720 |
vulnerable | 2026-06-03 14:52:52.214178 |
Details available
HIGH (7)
A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance can escalate their privileges by exploiting a vulnerable installed application. This vulnerability allows the attacker to gain elevated execution privileges on the affected system.
Published: 2023-12-14T01:56:44.839Z
Updated: 2024-08-02T19:01:35.479Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-41719 |
vulnerable | 2026-06-03 14:52:52.185194 |
Details available
HIGH (7.2)
A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution.
Published: 2023-12-14T01:56:44.867Z
Updated: 2024-08-02T19:01:35.464Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-39340 |
vulnerable | 2026-06-03 14:52:38.711873 |
Details available
HIGH (7.5)
A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the appliance.
Published: 2023-12-16T01:49:21.623Z
Updated: 2024-11-27T15:14:36.145Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-38551 |
vulnerable | 2026-06-03 14:52:31.496751 |
Details available
HIGH (8.2)
A CRLF Injection vulnerability in Ivanti Connect Secure (9.x, 22.x) allows an authenticated high-privileged user to inject malicious code on a victim’s browser, thereby leading to cross-site scripting attack.
Published: 2024-05-31T17:38:31.360Z
Updated: 2025-03-27T20:43:12.726Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-35258 |
vulnerable | 2026-06-03 14:47:37.832735 |
Details available
An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.
Published: 2022-12-05T00:00:00.000Z
Updated: 2024-08-03T09:29:17.434Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-35254 |
vulnerable | 2026-06-03 14:47:37.779815 |
Details available
An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.
Published: 2022-12-05T00:00:00.000Z
Updated: 2025-04-24T14:43:33.701Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-8260 |
vulnerable | 2026-06-03 14:43:08.521902 |
Details available
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction.
Published: 2020-10-28T12:47:13.000Z
Updated: 2025-10-21T23:35:34.332Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-8243 |
vulnerable | 2026-06-03 14:43:08.485709 |
Details available
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution.
Published: 2020-09-29T13:44:31.000Z
Updated: 2025-10-21T23:35:36.130Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-8218 |
vulnerable | 2026-06-03 14:43:08.401507 |
Details available
A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface.
Published: 2020-07-30T12:53:02.000Z
Updated: 2025-10-21T23:35:38.731Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-11213 |
vulnerable | 2026-06-03 14:39:32.483343 |
Details available
In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end user, a related issue to CVE-2019-1573. (The endpoint would need to be already compromised for exploitation to succeed.) This affects Pulse Desktop Client 5.x before Secure Desktop 5.3R7 and Pulse Desktop Client 9.x before Secure Desktop 9.0R3. It also affects (for Network Connect customers) Pulse Connect Secure 8.1 before 8.1R14, 8.3 before 8.3R7, and 9.0 before 9.0R3.
Published: 2019-04-12T14:27:31.000Z
Updated: 2024-08-04T22:48:09.014Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.