Lucene search

K
IvantiConnect Secure

117 matches found

CVE
CVE
added 2024/11/12 4:15 p.m.41 views

CVE-2024-8495

A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service.

7.5CVSS7.5AI score0.03311EPSS
CVE
CVE
added 2020/07/30 1:15 p.m.39 views

CVE-2020-8204

A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure <9.1R5 on the PSAL Page.

6.1CVSS5.9AI score0.00169EPSS
CVE
CVE
added 2020/07/30 1:15 p.m.39 views

CVE-2020-8222

A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker via the administrator web interface to perform an arbitrary file reading vulnerability through Meeting.

6.8CVSS6.4AI score0.0086EPSS
CVE
CVE
added 2025/02/11 4:15 p.m.39 views

CVE-2024-12058

External control of a file name in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to read arbitrary files.

6.8CVSS6.4AI score0.00947EPSS
CVE
CVE
added 2024/11/12 4:15 p.m.39 views

CVE-2024-47909

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.

4.9CVSS5.3AI score0.00789EPSS
CVE
CVE
added 2018/09/06 11:29 p.m.38 views

CVE-2018-14366

download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerability.

6.1CVSS6.2AI score0.001EPSS
CVE
CVE
added 2016/05/26 2:59 p.m.37 views

CVE-2016-4790

Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

5.5CVSS5.3AI score0.00081EPSS
CVE
CVE
added 2016/05/26 2:59 p.m.35 views

CVE-2016-4788

Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read an unspecified system file via unknown vectors.

5.8CVSS5.6AI score0.00212EPSS
CVE
CVE
added 2016/05/26 2:59 p.m.34 views

CVE-2016-4787

Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authentication files in an unspecified directory via unknown vectors.

10CVSS9.2AI score0.02837EPSS
CVE
CVE
added 2016/05/26 2:59 p.m.33 views

CVE-2016-4789

Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecifie...

6.1CVSS5.9AI score0.00093EPSS
CVE
CVE
added 2016/05/26 2:59 p.m.30 views

CVE-2016-4786

Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r3, 8.0 before 8.0r11, and 7.4 before 7.4r13.4 allow remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.

7.8CVSS7.3AI score0.03515EPSS
CVE
CVE
added 2025/07/08 4:15 p.m.9 views

CVE-2025-5464

Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 allows a local authenticated attacker to obtain that information.

6.5CVSS5.7AI score0.00028EPSS
CVE
CVE
added 2025/07/08 3:15 p.m.7 views

CVE-2025-5451

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to trigger a denial of service.

4.9CVSS7.3AI score0.00215EPSS
CVE
CVE
added 2025/07/08 4:15 p.m.6 views

CVE-2025-0292

SSRF in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to access internal network services.

5.5CVSS6.3AI score0.00106EPSS
CVE
CVE
added 2025/07/08 4:15 p.m.6 views

CVE-2025-0293

CLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk.

6.6CVSS6.6AI score0.00034EPSS
CVE
CVE
added 2025/07/08 3:15 p.m.6 views

CVE-2025-5450

Improper access control in the certificate management component of Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated admin with read-only rights to modify settings that should be restricted.

6.3CVSS6.8AI score0.00107EPSS
CVE
CVE
added 2025/07/08 3:15 p.m.5 views

CVE-2025-5463

Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a local authenticated attacker to obtain that information.

5.5CVSS6.3AI score0.00029EPSS
Total number of security vulnerabilities117