Total
61 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8218 | 2 Ivanti, Pulsesecure | 3 Connect Secure, Policy Secure, Pulse Policy Secure | 2025-07-30 | 6.5 MEDIUM | 7.2 HIGH |
| A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface. | |||||
| CVE-2023-39339 | 1 Ivanti | 1 Policy Secure | 2025-07-17 | N/A | 4.9 MEDIUM |
| A vulnerability exists on all versions of Ivanti Policy Secure below 22.6R1 where an authenticated administrator can perform an arbitrary file read via a maliciously crafted web request. | |||||
| CVE-2024-12058 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-16 | N/A | 6.8 MEDIUM |
| External control of a file name in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to read arbitrary files. | |||||
| CVE-2024-39709 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-16 | N/A | 7.8 HIGH |
| Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1 (Not Applicable to 9.1Rx) allow a local authenticated attacker to escalate their privileges. | |||||
| CVE-2025-5450 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-15 | N/A | 6.3 MEDIUM |
| Improper access control in the certificate management component of Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated admin with read-only rights to modify settings that should be restricted. | |||||
| CVE-2025-5451 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-15 | N/A | 4.9 MEDIUM |
| A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to trigger a denial of service. | |||||
| CVE-2025-5463 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-15 | N/A | 5.5 MEDIUM |
| Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a local authenticated attacker to obtain that information. | |||||
| CVE-2025-0292 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-15 | N/A | 5.5 MEDIUM |
| SSRF in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to access internal network services. | |||||
| CVE-2024-10644 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-14 | N/A | 9.1 CRITICAL |
| Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-39710 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-11 | N/A | 9.1 CRITICAL |
| Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-39711 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-11 | N/A | 9.1 CRITICAL |
| Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-39712 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-11 | N/A | 9.1 CRITICAL |
| Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2025-0293 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-10 | N/A | 6.6 MEDIUM |
| CLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk. | |||||
| CVE-2024-38657 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-09 | N/A | 4.9 MEDIUM |
| External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write arbitrary files. | |||||
| CVE-2024-37377 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-02 | N/A | 7.5 HIGH |
| A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service. | |||||
| CVE-2024-37401 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-02 | N/A | 7.5 HIGH |
| An out-of-bounds read in IPsec of Ivanti Connect Secure before version 22.7R2.1 allows a remote unauthenticated attacker to cause a denial of service. | |||||
| CVE-2024-38655 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-06-27 | N/A | 7.2 HIGH |
| Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.1 and 9.1R18.9 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-38656 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-06-27 | N/A | 9.1 CRITICAL |
| Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-21888 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-06-03 | N/A | 8.8 HIGH |
| A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator. | |||||
| CVE-2024-22024 | 1 Ivanti | 3 Connect Secure, Policy Secure, Zero Trust Access | 2025-05-09 | N/A | 8.3 HIGH |
| An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication. | |||||