Lucene search

K
IvantiConnect Secure

119 matches found

CVE
CVE
added 2019/05/08 5:29 p.m.2422 views

CVE-2019-11510

In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .

10CVSS9.6AI score0.94328EPSS
In wildWeb
CVE
CVE
added 2021/04/23 5:15 p.m.1209 views

CVE-2021-22893

Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Puls...

10CVSS9.9AI score0.93511EPSS
In wild
CVE
CVE
added 2019/04/26 2:29 a.m.1150 views

CVE-2019-11539

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin we...

8CVSS7.9AI score0.93872EPSS
In wildWeb
CVE
CVE
added 2020/10/28 1:15 p.m.1135 views

CVE-2020-8260

A vulnerability in the Pulse Connect Secure

7.2CVSS8.2AI score0.70356EPSS
In wildWeb
CVE
CVE
added 2020/09/30 6:15 p.m.1056 views

CVE-2020-8243

A vulnerability in the Pulse Connect Secure

7.2CVSS8.1AI score0.22622EPSS
In wild
CVE
CVE
added 2020/07/30 1:15 p.m.1049 views

CVE-2020-8218

A code injection vulnerability exists in Pulse Connect Secure

7.2CVSS7.3AI score0.91071EPSS
In wild
CVE
CVE
added 2021/05/27 12:15 p.m.1039 views

CVE-2021-22894

A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room.

9CVSS9.2AI score0.49665EPSS
In wild
CVE
CVE
added 2021/05/27 12:15 p.m.1039 views

CVE-2021-22899

A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature

8.8CVSS9.2AI score0.44951EPSS
In wild
CVE
CVE
added 2021/05/27 12:15 p.m.1034 views

CVE-2021-22900

A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.

7.2CVSS7.9AI score0.01668EPSS
In wild
CVE
CVE
added 2019/06/19 12:15 a.m.743 views

CVE-2019-11477

Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182...

7.8CVSS7.5AI score0.76442EPSS
CVE
CVE
added 2025/01/08 11:15 p.m.724 views

CVE-2025-0282

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.

9CVSS8.3AI score0.93098EPSS
In wild
CVE
CVE
added 2024/01/12 5:15 p.m.664 views

CVE-2023-46805

An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

8.2CVSS8.9AI score0.9442EPSS
In wild
CVE
CVE
added 2024/01/12 5:15 p.m.620 views

CVE-2024-21887

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

9.1CVSS9.4AI score0.9442EPSS
In wildWeb
CVE
CVE
added 2025/04/03 4:15 p.m.615 views

CVE-2025-22457

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.

9.8CVSS8.5AI score0.68521EPSS
In wildWeb
CVE
CVE
added 2019/06/19 12:15 a.m.589 views

CVE-2019-11478

Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kerne...

7.5CVSS6.4AI score0.24845EPSS
CVE
CVE
added 2025/01/08 11:15 p.m.518 views

CVE-2025-0283

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges.

7CVSS7.2AI score0.93098EPSS
In wild
CVE
CVE
added 2024/01/31 6:15 p.m.456 views

CVE-2024-21893

A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.

8.2CVSS8.8AI score0.9432EPSS
In wild
CVE
CVE
added 2024/01/31 6:15 p.m.266 views

CVE-2024-21888

A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator.

8.8CVSS9.1AI score0.61709EPSS
In wild
CVE
CVE
added 2024/02/13 4:15 a.m.264 views

CVE-2024-22024

An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.

8.3CVSS8.2AI score0.9431EPSS
In wild
CVE
CVE
added 2024/04/04 11:15 p.m.177 views

CVE-2024-21894

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In certain conditions this may lead to execution of ...

9.8CVSS7.7AI score0.11025EPSS
CVE
CVE
added 2023/12/16 2:15 a.m.160 views

CVE-2023-39340

A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the appliance.

7.5CVSS7.3AI score0.00392EPSS
CVE
CVE
added 2023/12/14 2:15 a.m.146 views

CVE-2023-41719

A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution.

7.2CVSS7.2AI score0.03146EPSS
CVE
CVE
added 2021/08/16 7:15 p.m.140 views

CVE-2021-22937

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface.

7.2CVSS6.8AI score0.07485EPSS
CVE
CVE
added 2023/12/14 2:15 a.m.138 views

CVE-2023-41720

A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance can escalate their privileges by exploiting a vulnerable installed application. This vulnerability allows the attacker to gain elevated executio...

7.8CVSS7AI score0.00125EPSS
CVE
CVE
added 2024/04/04 8:15 p.m.119 views

CVE-2024-22023

An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporarily cause resource exhaustion thereby resulting in a limited-time DoS.

5.3CVSS6.9AI score0.11025EPSS
CVE
CVE
added 2024/04/04 8:15 p.m.119 views

CVE-2024-22052

A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack

7.5CVSS6.8AI score0.11025EPSS
CVE
CVE
added 2024/04/04 8:15 p.m.115 views

CVE-2024-22053

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack or in certain conditions read contents from memory.

8.2CVSS7AI score0.11025EPSS
CVE
CVE
added 2025/02/11 4:15 p.m.106 views

CVE-2025-22467

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution.

9.9CVSS9.7AI score0.5089EPSS
CVE
CVE
added 2019/06/03 8:29 p.m.94 views

CVE-2019-11509

In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated attacker (via the admin w...

8.8CVSS9.2AI score0.06923EPSS
CVE
CVE
added 2024/10/18 11:15 p.m.88 views

CVE-2024-37404

Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote code execution.

9.1CVSS7.4AI score0.81509EPSS
Web
CVE
CVE
added 2019/04/12 3:29 p.m.86 views

CVE-2019-11213

In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end user, a related issue to CVE-2019-1573. (The endpoint would need to be already compromised for exploitation to succeed....

8.1CVSS4.1AI score0.0262EPSS
CVE
CVE
added 2019/04/26 2:29 a.m.86 views

CVE-2019-11540

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote attacker can conduct a session hijacking attack.

9.8CVSS9.3AI score0.14764EPSS
CVE
CVE
added 2021/05/27 12:15 p.m.80 views

CVE-2021-22908

A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user. As of version 9.1R3, this permission is not enabled by default.

9CVSS8.8AI score0.31772EPSS
CVE
CVE
added 2021/08/16 7:15 p.m.79 views

CVE-2021-22934

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflow via a malicious crafted web request.

7.2CVSS7AI score0.04382EPSS
CVE
CVE
added 2022/12/05 10:15 p.m.79 views

CVE-2022-35254

An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions pri...

7.5CVSS7.4AI score0.00745EPSS
CVE
CVE
added 2024/11/13 2:15 a.m.77 views

CVE-2024-39712

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.08532EPSS
CVE
CVE
added 2021/08/16 7:15 p.m.76 views

CVE-2021-22933

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request.

6.5CVSS6.4AI score0.06308EPSS
CVE
CVE
added 2020/07/27 11:15 p.m.75 views

CVE-2020-12880

An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available an...

5.5CVSS5.5AI score0.00079EPSS
CVE
CVE
added 2021/08/16 7:15 p.m.72 views

CVE-2021-22938

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console.

7.2CVSS7AI score0.03925EPSS
CVE
CVE
added 2019/06/28 6:15 p.m.70 views

CVE-2018-20810

Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices.

9.8CVSS9.2AI score0.01536EPSS
CVE
CVE
added 2019/04/26 2:29 a.m.70 views

CVE-2019-11542

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, an authentic...

8CVSS8AI score0.43058EPSS
CVE
CVE
added 2021/08/16 7:15 p.m.69 views

CVE-2021-22935

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter.

7.2CVSS7AI score0.03925EPSS
CVE
CVE
added 2025/02/11 4:15 p.m.69 views

CVE-2024-10644

Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.19677EPSS
CVE
CVE
added 2020/10/28 1:15 p.m.67 views

CVE-2020-8261

A vulnerability in the Pulse Connect Secure / Pulse Policy Secure

4.3CVSS4.8AI score0.00613EPSS
CVE
CVE
added 2020/09/30 6:15 p.m.66 views

CVE-2020-8256

A vulnerability in the Pulse Connect Secure

4.9CVSS5.2AI score0.02706EPSS
CVE
CVE
added 2021/08/16 7:15 p.m.66 views

CVE-2021-22936

A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter.

6.1CVSS6.1AI score0.00152EPSS
CVE
CVE
added 2024/11/13 2:15 a.m.66 views

CVE-2024-38655

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.1 and 9.1R18.9 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.14425EPSS
CVE
CVE
added 2019/05/08 5:29 p.m.64 views

CVE-2019-11508

In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker (via the admin web interface) can exploit Directory Traversal to execute arbitrary code on the appliance.

8.6CVSS8.4AI score0.04324EPSS
CVE
CVE
added 2022/12/05 10:15 p.m.63 views

CVE-2022-35258

An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions pri...

7.5CVSS7.4AI score0.00752EPSS
CVE
CVE
added 2024/11/13 2:15 a.m.63 views

CVE-2024-38656

Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.06469EPSS
Total number of security vulnerabilities119