GCVE - cpe:2.3:a:ivanti:connect_secure:22.1:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:ivanti:connect_secure:22.1:*:*:*:*:*:*:*

part: a version: 22.1 update: *

Vendor	Ivanti (`40b984ad-e54c-5e1b-9aa1-2a4cd4d61129`)
Product	Connect Secure (`61f5b622-21c4-5d14-b120-bd5f32132cfb`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-22053`	vulnerable	2026-06-03 14:54:59.541891	Details available HIGH (8.2) A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack or in certain conditions read contents from memory. Published: 2024-04-04T19:45:10.175Z Updated: 2024-10-03T21:40:00.903Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/New-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-22052`	vulnerable	2026-06-03 14:54:59.539431	Details available HIGH (7.5) A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack Published: 2024-04-04T19:45:10.169Z Updated: 2024-10-03T21:40:23.298Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/New-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-22023`	vulnerable	2026-06-03 14:54:59.332533	Details available MEDIUM (5.3) An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporarily cause resource exhaustion thereby resulting in a limited-time DoS. Published: 2024-04-04T19:45:10.162Z Updated: 2024-10-03T21:38:58.416Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/New-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-21894`	vulnerable	2026-06-03 14:54:51.199069	Details available HIGH (8.2) A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In certain conditions this may lead to execution of arbitrary code Published: 2024-04-04T22:16:29.330Z Updated: 2024-10-03T21:43:40.315Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/SA-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.