GCVE - cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:*

part: a version: 9.0 update: *

Vendor	Ivanti (`40b984ad-e54c-5e1b-9aa1-2a4cd4d61129`)
Product	Connect Secure (`61f5b622-21c4-5d14-b120-bd5f32132cfb`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-21887`	vulnerable	2026-06-03 14:54:51.087965	Details available CRITICAL (9.1) A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance. Published: 2024-01-12T17:02:16.481Z Updated: 2025-10-21T23:05:28.696Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-46805`	vulnerable	2026-06-03 14:53:16.502302	Details available HIGH (8.2) An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks. Published: 2024-01-12T17:02:16.452Z Updated: 2025-10-21T23:05:28.857Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-11509`	vulnerable	2026-06-03 14:39:33.185677	Details available In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated attacker (via the admin web interface) can exploit Incorrect Access Control to execute arbitrary code on the appliance. Published: 2019-06-03T19:34:46.000Z Updated: 2024-08-04T22:55:40.698Z Open on db.gcve.eu Reference links https://kb.pulsesecure.net/?atype=sa https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/ https://www.kb.cert.org/vuls/id/927237	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.