Filtered by vendor Ivanti Subscriptions
Filtered by product Policy Secure Subscriptions
Total 49 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-0282 1 Ivanti 3 Connect Secure, Neurons For Zero-trust Access, Policy Secure 2025-02-20 9 Critical
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
CVE-2024-13842 1 Ivanti 2 Connect Secure, Policy Secure 2025-02-20 6 Medium
A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.
CVE-2024-13843 1 Ivanti 2 Connect Secure, Policy Secure 2025-02-20 6 Medium
Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.
CVE-2024-21887 1 Ivanti 2 Connect Secure, Policy Secure 2025-02-13 9.1 Critical
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
CVE-2023-46805 1 Ivanti 2 Connect Secure, Policy Secure 2025-02-13 8.2 High
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
CVE-2024-13830 1 Ivanti 2 Connect Secure, Policy Secure 2025-02-13 6.1 Medium
Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.
CVE-2020-8218 2 Ivanti, Pulsesecure 3 Connect Secure, Policy Secure, Pulse Policy Secure 2025-02-12 7.2 High
A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface.
CVE-2020-8243 1 Ivanti 2 Connect Secure, Policy Secure 2025-02-12 7.2 High
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution.
CVE-2024-9420 1 Ivanti 2 Connect Secure, Policy Secure 2025-01-17 8.8 High
A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 and 9.1R18.9 allows a remote authenticated attacker to achieve remote code execution
CVE-2024-47906 1 Ivanti 2 Connect Secure, Policy Secure 2025-01-17 7.8 High
Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges.
CVE-2024-11005 1 Ivanti 2 Connect Secure, Policy Secure 2025-01-17 9.1 Critical
Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-11006 1 Ivanti 2 Connect Secure, Policy Secure 2025-01-17 9.1 Critical
Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-11004 1 Ivanti 2 Connect Secure, Policy Secure 2025-01-17 6.1 Medium
Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.
CVE-2024-8495 1 Ivanti 2 Connect Secure, Policy Secure 2025-01-17 7.5 High
A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service.
CVE-2024-11634 1 Ivanti 2 Connect Secure, Policy Secure 2025-01-17 9.1 Critical
Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. (Not applicable to 9.1Rx)
CVE-2025-0283 1 Ivanti 3 Connect Secure, Neurons For Zero-trust Access, Policy Secure 2025-01-14 7 High
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges.
CVE-2024-39712 1 Ivanti 2 Connect Secure, Policy Secure 2024-12-01 N/A
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-39711 1 Ivanti 2 Connect Secure, Policy Secure 2024-12-01 N/A
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-39710 1 Ivanti 2 Connect Secure, Policy Secure 2024-12-01 N/A
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-21893 1 Ivanti 3 Connect Secure, Neurons For Zero-trust Access, Policy Secure 2024-11-29 8.2 High
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.