Lucene search

K
IvantiConnect Secure

121 matches found

CVE
CVE
added 2022/12/05 10:15 p.m.63 views

CVE-2022-35258

An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions pri...

7.5CVSS7.4AI score0.00752EPSS
CVE
CVE
added 2024/11/13 2:15 a.m.63 views

CVE-2024-38656

Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.06146EPSS
CVE
CVE
added 2024/11/13 2:15 a.m.63 views

CVE-2024-39711

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.08117EPSS
CVE
CVE
added 2017/08/29 3:29 p.m.61 views

CVE-2017-11455

diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CSRF...

8.8CVSS8.8AI score0.00563EPSS
CVE
CVE
added 2019/04/26 2:29 a.m.61 views

CVE-2019-11538

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1, an NFS problem could allow an authenticated attacker to access the contents of arbitrary files on the affected device.

7.7CVSS8.3AI score0.02193EPSS
CVE
CVE
added 2019/06/28 6:15 p.m.60 views

CVE-2018-20813

An input validation issue has been found with login_meeting.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2.

9.8CVSS9.3AI score0.03845EPSS
CVE
CVE
added 2022/08/12 3:15 p.m.60 views

CVE-2021-44720

In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance > Push Configuration > Targets > Target Name" targets.cgi screen. A read-only administrative user can escalate to a read-write administrative ro...

7.2CVSS7.1AI score0.01415EPSS
CVE
CVE
added 2024/12/10 7:15 p.m.60 views

CVE-2024-11633

Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution

9.1CVSS9.3AI score0.11469EPSS
CVE
CVE
added 2019/06/28 6:15 p.m.59 views

CVE-2018-20808

An XSS issue has been found with rd.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R3 due to improper header sanitization. This is not applicable to 8.1RX.

6.1CVSS5.9AI score0.0012EPSS
CVE
CVE
added 2019/06/28 6:15 p.m.59 views

CVE-2018-20811

A hidden RPC service issue was found with Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2 and 8.1RX before 8.1R12.

5.3CVSS5.3AI score0.00714EPSS
CVE
CVE
added 2024/11/13 2:15 a.m.59 views

CVE-2024-39710

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.08117EPSS
CVE
CVE
added 2024/12/10 7:15 p.m.59 views

CVE-2024-9844

Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker to bypass restrictions.

8.8CVSS6.6AI score0.02821EPSS
CVE
CVE
added 2019/06/28 6:15 p.m.58 views

CVE-2018-20814

An XSS issue was found with Psaldownload.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.3R2 before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX or PPS 5.2RX.

6.1CVSS5.9AI score0.00105EPSS
CVE
CVE
added 2025/02/11 4:15 p.m.58 views

CVE-2024-13842

A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.

6CVSS5.7AI score0.0007EPSS
CVE
CVE
added 2020/09/30 6:15 p.m.56 views

CVE-2020-8238

A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure

6.1CVSS5.8AI score0.00186EPSS
CVE
CVE
added 2019/06/28 6:15 p.m.55 views

CVE-2018-20809

A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5. This is not applicable to PCS 8.1RX.

7.5CVSS7.4AI score0.03312EPSS
CVE
CVE
added 2020/10/28 1:15 p.m.55 views

CVE-2020-8262

A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface.

6.1CVSS5.8AI score0.00144EPSS
CVE
CVE
added 2024/11/12 4:15 p.m.55 views

CVE-2024-9420

A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution

8.8CVSS7.2AI score0.32945EPSS
CVE
CVE
added 2020/10/27 5:15 a.m.54 views

CVE-2020-15352

An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

7.2CVSS6.6AI score0.05333EPSS
CVE
CVE
added 2022/09/30 5:15 p.m.54 views

CVE-2022-21826

Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP request sent down tha...

5.4CVSS5.3AI score0.26284EPSS
CVE
CVE
added 2024/11/12 4:15 p.m.53 views

CVE-2024-47907

A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.

7.5CVSS7.7AI score0.01925EPSS
CVE
CVE
added 2020/07/30 1:15 p.m.52 views

CVE-2020-8206

An improper authentication vulnerability exists in Pulse Connect Secure

8.1CVSS8AI score0.00917EPSS
CVE
CVE
added 2020/07/30 1:15 p.m.52 views

CVE-2020-8221

A path traversal vulnerability exists in Pulse Connect Secure

4.9CVSS4.9AI score0.02858EPSS
CVE
CVE
added 2025/02/21 2:15 a.m.52 views

CVE-2024-38657

External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write arbitrary files.

9.1CVSS9.2AI score0.00106EPSS
CVE
CVE
added 2024/11/13 2:15 a.m.52 views

CVE-2024-39709

Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1 (Not Applicable to 9.1Rx) allow a local authenticated attacker to escalate their privileges.

7.8CVSS7.6AI score0.00097EPSS
CVE
CVE
added 2019/04/26 2:29 a.m.51 views

CVE-2019-11543

XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1.

8.3CVSS6.5AI score0.00179EPSS
CVE
CVE
added 2021/11/19 7:15 p.m.51 views

CVE-2021-22965

A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an unauthenticated administrator to causes a denial of service when a malformed request is sent to the device.

7.8CVSS7.5AI score0.11332EPSS
CVE
CVE
added 2024/11/12 5:15 p.m.51 views

CVE-2024-11004

Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.

6.1CVSS6.2AI score0.00057EPSS
CVE
CVE
added 2024/11/12 4:15 p.m.51 views

CVE-2024-11007

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS8.4AI score0.16285EPSS
CVE
CVE
added 2024/11/12 5:15 p.m.50 views

CVE-2024-11005

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.16285EPSS
CVE
CVE
added 2025/02/11 4:15 p.m.50 views

CVE-2024-13830

Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.

6.1CVSS6AI score0.00048EPSS
CVE
CVE
added 2024/11/12 4:15 p.m.50 views

CVE-2024-47905

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.

4.9CVSS5.3AI score0.02055EPSS
CVE
CVE
added 2016/05/26 2:59 p.m.48 views

CVE-2016-4792

Pulse Connect Secure (PCS) 8.2 before 8.2r1 allows remote attackers to disclose sign in pages via unspecified vectors.

5.3CVSS5.2AI score0.00366EPSS
CVE
CVE
added 2019/04/26 2:29 a.m.48 views

CVE-2019-11541

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.2RX before 8.2R12.1, users using SAML authentication with the Reuse Existing NC (Pulse) Session option may see authentication leaks.

8.3CVSS8.2AI score0.01765EPSS
CVE
CVE
added 2020/07/30 1:15 p.m.48 views

CVE-2020-8217

A cross site scripting (XSS) vulnerability in Pulse Connect Secure

5.4CVSS5.2AI score0.00136EPSS
CVE
CVE
added 2020/07/30 1:15 p.m.47 views

CVE-2020-8216

An information disclosure vulnerability in meeting of Pulse Connect Secure

4.3CVSS4.2AI score0.02167EPSS
CVE
CVE
added 2024/11/13 2:15 a.m.47 views

CVE-2024-37400

An out of bounds read in Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to trigger an infinite loop, causing a denial of service.

7.5CVSS7.2AI score0.02431EPSS
CVE
CVE
added 2024/11/13 2:15 a.m.47 views

CVE-2024-38649

An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1(Not Applicable to 9.1Rx) allows a remote unauthenticated attacker to cause a denial of service.

7.5CVSS7.5AI score0.03266EPSS
CVE
CVE
added 2024/11/12 4:15 p.m.47 views

CVE-2024-47906

Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges.

7.8CVSS7.6AI score0.00153EPSS
CVE
CVE
added 2019/05/08 5:29 p.m.46 views

CVE-2019-11507

In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3, an XSS issue has been found on the Application Launcher page.

6.1CVSS6.2AI score0.00262EPSS
CVE
CVE
added 2020/07/30 1:15 p.m.46 views

CVE-2020-8220

A denial of service vulnerability exists in Pulse Connect Secure

6.5CVSS6.5AI score0.06668EPSS
CVE
CVE
added 2024/12/10 7:15 p.m.46 views

CVE-2024-11634

Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. (Not applicable to 9.1Rx)

9.1CVSS9.4AI score0.13858EPSS
CVE
CVE
added 2019/06/28 6:15 p.m.45 views

CVE-2018-20807

An XSS issue has been found in welcome.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1.x before 8.1R12, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 due to one of the URL parameters not being sanitized properly.

6.1CVSS5.9AI score0.0012EPSS
CVE
CVE
added 2024/12/12 1:55 a.m.45 views

CVE-2024-37377

A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.

7.5CVSS7.7AI score0.02229EPSS
CVE
CVE
added 2024/11/12 5:15 p.m.44 views

CVE-2024-11006

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.16285EPSS
CVE
CVE
added 2025/02/11 4:15 p.m.44 views

CVE-2024-13843

Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.

6CVSS5.6AI score0.00025EPSS
CVE
CVE
added 2018/09/06 11:29 p.m.43 views

CVE-2018-6320

A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.2RX before 5.2R9 and 5.4RX before 5.4R2 wherein an http(s) Host header received from the browser is trusted without validation.

9.8CVSS9.3AI score0.05235EPSS
CVE
CVE
added 2020/07/30 1:15 p.m.43 views

CVE-2020-8219

An insufficient permission check vulnerability exists in Pulse Connect Secure

7.2CVSS6.9AI score0.01732EPSS
CVE
CVE
added 2024/12/12 1:55 a.m.43 views

CVE-2024-37401

An out-of-bounds read in IPsec of Ivanti Connect Secure before version 22.7R2.1 allows a remote unauthenticated attacker to cause a denial of service.

7.5CVSS7.2AI score0.02431EPSS
CVE
CVE
added 2016/05/26 2:59 p.m.42 views

CVE-2016-4791

The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via unspecified vectors.

8.6CVSS8.3AI score0.00222EPSS
Total number of security vulnerabilities121