11 matches found

OSV
added 2024/11/13 2:15 a.m. · 2 views

CVE-2024-39712

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution...

CVSS 9.1 · AI score 6 · EPSS 0.12414
Exploits: 0 · References: 1

CNNVD
added 2024/11/13 12:00 a.m. · 1 view

Ivanti Connect Secure and Ivanti Policy Secure Parameter Injection Vulnerability

Ivanti Connect Secure and Ivanti Policy Secure are both products of Ivanti Corporation, U.S.A. Ivanti Connect Secure is a secure remote network connection tool. Ivanti Policy Secure is a network access control (NAC) solution. A parameter injection vulnerability exists in Ivanti Connect Secure versio...

CVSS 9.1 · AI score 9.4 · EPSS 0.18277
Exploits: 0 · References: 3

OSV
added 2024/11/12 5:15 p.m. · 2 views

CVE-2024-11006

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution...

CVSS 7.2 · AI score 6
Exploits: 0 · References: 1

OSV
added 2024/11/12 5:15 p.m. · 1 view

CVE-2024-11004

Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required...

CVSS 6.1 · AI score 5.8 · EPSS 0.00368
Exploits: 0 · References: 1

OSV
added 2024/11/12 4:15 p.m. · 1 view

CVE-2024-8495

A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service...

CVSS 7.5 · AI score 7.3
Exploits: 0 · References: 1

NVD
added 2024/11/12 4:15 p.m. · 15 views

CVE-2024-11007

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution...

CVSS 9.1 · EPSS 0.22172
Exploits: 0 · References: 1

Cvelist
added 2024/11/12 4:05 p.m. · 411 views

CVE-2024-11007

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution...

CVSS 9.1 · EPSS 0.22172
Exploits: 0 · References: 1

Positive Technologies
added 2024/11/11 12:00 a.m. · 2 views

PT-2024-39055 · Ivanti · Ivanti Policy Secure +1

Name of the Vulnerable Software and Affected Versions: Ivanti Connect Secure versions prior to 22.7R2.1; Ivanti Policy Secure versions prior to 22.7R1.1. Description: A null pointer dereference allows a remote unauthenticated attacker to cause a denial of service. This issue can be exploited by a...

CVSS 7.8 · AI score 7.3 · EPSS 0.05081
Exploits: 0 · References: 7

Positive Technologies
added 2024/11/11 12:00 a.m. · 2 views

PT-2024-8721 · Ivanti · Ivanti Policy Secure +1

Name of the Vulnerable Software and Affected Versions: Ivanti Connect Secure versions prior to 22.7R2.1; Ivanti Policy Secure versions prior to 22.7R1.1. Description: The issue is related to incorrect input handling in Ivanti Connect Secure and Ivanti Policy Secure, allowing a remote attacker to...

CVSS 9.1 · AI score 8.5 · EPSS 0.22172
Exploits: 0 · References: 10

NCSC
added 2024/10/11 7:03 a.m. · 2 views

Vulnerabilities fixed in Ivanti Connect Secure and Policy Secure

Ivanti has fixed a vulnerability in Connect Secure and Policy Secure. UPDATE: POC code is now available online for this vulnerability. An authenticated malicious person with access to the admin portal of Connect Secure or Policy Secure can exploit the vulnerability to execute code remotely. Ivant...

CVSS 9.1 · AI score 7.1 · EPSS 0.84353
Exploits: 1 · References: 1

Tenable Nessus
added 2024/10/11 12:00 a.m. · 19 views

Ivanti Policy Secure 22.x < 22.7R1.1 RCE

The Ivanti Policy Secure installed on the remote host is prior to 22.7R1.1. It is, therefore, affected by a remote code execution vulnerability due to improper input validation in the admin portal. Note that Nessus has not tested for this issue but has instead relied only on the application's...

CVSS 9.1 · AI score 9 · EPSS 0.84353
Exploits: 1 · References: 2