Lucene search

K
IvantiConnect Secure22.7

38 matches found

CVE
CVE
added 2025/01/08 11:15 p.m.663 views

CVE-2025-0282

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.

9CVSS8.3AI score0.93244EPSS
CVE
CVE
added 2025/04/03 4:15 p.m.548 views

CVE-2025-22457

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.

9.8CVSS8.5AI score0.23792EPSS
CVE
CVE
added 2025/01/08 11:15 p.m.479 views

CVE-2025-0283

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges.

7CVSS7.2AI score0.00072EPSS
CVE
CVE
added 2025/02/11 4:15 p.m.104 views

CVE-2025-22467

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution.

9.9CVSS9.7AI score0.25608EPSS
CVE
CVE
added 2024/11/13 2:15 a.m.75 views

CVE-2024-39712

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.07773EPSS
CVE
CVE
added 2025/02/11 4:15 p.m.68 views

CVE-2024-10644

Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.06478EPSS
CVE
CVE
added 2024/11/13 2:15 a.m.65 views

CVE-2024-38655

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.1 and 9.1R18.9 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.13237EPSS
CVE
CVE
added 2024/11/13 2:15 a.m.62 views

CVE-2024-38656

Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.05878EPSS
CVE
CVE
added 2024/11/13 2:15 a.m.62 views

CVE-2024-39711

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.07773EPSS
CVE
CVE
added 2024/12/10 7:15 p.m.59 views

CVE-2024-11633

Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution

9.1CVSS9.3AI score0.1641EPSS
CVE
CVE
added 2024/12/10 7:15 p.m.58 views

CVE-2024-9844

Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker to bypass restrictions.

8.8CVSS6.6AI score0.02402EPSS
CVE
CVE
added 2025/02/11 4:15 p.m.57 views

CVE-2024-13842

A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.

6CVSS5.7AI score0.0008EPSS
CVE
CVE
added 2024/11/13 2:15 a.m.56 views

CVE-2024-39710

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.07773EPSS
CVE
CVE
added 2024/11/12 4:15 p.m.54 views

CVE-2024-9420

A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution

8.8CVSS7.2AI score0.27121EPSS
CVE
CVE
added 2024/11/12 4:15 p.m.52 views

CVE-2024-47907

A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.

7.5CVSS7.7AI score0.00738EPSS
CVE
CVE
added 2025/02/21 2:15 a.m.51 views

CVE-2024-38657

External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write arbitrary files.

9.1CVSS9.2AI score0.00084EPSS
CVE
CVE
added 2024/11/12 5:15 p.m.50 views

CVE-2024-11004

Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.

6.1CVSS6.2AI score0.0005EPSS
CVE
CVE
added 2024/11/12 5:15 p.m.49 views

CVE-2024-11005

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.15668EPSS
CVE
CVE
added 2024/11/12 4:15 p.m.49 views

CVE-2024-11007

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS8.4AI score0.15668EPSS
CVE
CVE
added 2025/02/11 4:15 p.m.49 views

CVE-2024-13830

Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.

6.1CVSS6AI score0.00048EPSS
CVE
CVE
added 2024/11/12 4:15 p.m.49 views

CVE-2024-47905

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.

4.9CVSS5.3AI score0.00789EPSS
CVE
CVE
added 2024/11/13 2:15 a.m.46 views

CVE-2024-37400

An out of bounds read in Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to trigger an infinite loop, causing a denial of service.

7.5CVSS7.2AI score0.03809EPSS
CVE
CVE
added 2024/11/13 2:15 a.m.46 views

CVE-2024-38649

An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1(Not Applicable to 9.1Rx) allows a remote unauthenticated attacker to cause a denial of service.

7.5CVSS7.5AI score0.05084EPSS
CVE
CVE
added 2024/11/12 4:15 p.m.46 views

CVE-2024-47906

Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges.

7.8CVSS7.6AI score0.00083EPSS
CVE
CVE
added 2024/12/10 7:15 p.m.45 views

CVE-2024-11634

Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. (Not applicable to 9.1Rx)

9.1CVSS9.4AI score0.12141EPSS
CVE
CVE
added 2024/12/12 1:55 a.m.44 views

CVE-2024-37377

A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.

7.5CVSS7.7AI score0.0085EPSS
CVE
CVE
added 2024/11/12 5:15 p.m.43 views

CVE-2024-11006

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.15668EPSS
CVE
CVE
added 2025/02/11 4:15 p.m.43 views

CVE-2024-13843

Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.

6CVSS5.6AI score0.00048EPSS
CVE
CVE
added 2024/12/12 1:55 a.m.42 views

CVE-2024-37401

An out-of-bounds read in IPsec of Ivanti Connect Secure before version 22.7R2.1 allows a remote unauthenticated attacker to cause a denial of service.

7.5CVSS7.2AI score0.03778EPSS
CVE
CVE
added 2024/11/12 4:15 p.m.41 views

CVE-2024-8495

A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service.

7.5CVSS7.5AI score0.03311EPSS
CVE
CVE
added 2025/02/11 4:15 p.m.39 views

CVE-2024-12058

External control of a file name in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to read arbitrary files.

6.8CVSS6.4AI score0.00947EPSS
CVE
CVE
added 2024/11/12 4:15 p.m.39 views

CVE-2024-47909

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.

4.9CVSS5.3AI score0.00789EPSS
CVE
CVE
added 2025/07/08 4:15 p.m.9 views

CVE-2025-5464

Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 allows a local authenticated attacker to obtain that information.

6.5CVSS5.7AI score0.00028EPSS
CVE
CVE
added 2025/07/08 3:15 p.m.7 views

CVE-2025-5451

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to trigger a denial of service.

4.9CVSS7.3AI score0.00215EPSS
CVE
CVE
added 2025/07/08 4:15 p.m.6 views

CVE-2025-0292

SSRF in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to access internal network services.

5.5CVSS6.3AI score0.00106EPSS
CVE
CVE
added 2025/07/08 4:15 p.m.6 views

CVE-2025-0293

CLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk.

6.6CVSS6.6AI score0.00034EPSS
CVE
CVE
added 2025/07/08 3:15 p.m.6 views

CVE-2025-5450

Improper access control in the certificate management component of Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated admin with read-only rights to modify settings that should be restricted.

6.3CVSS6.8AI score0.00107EPSS
CVE
CVE
added 2025/07/08 3:15 p.m.5 views

CVE-2025-5463

Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a local authenticated attacker to obtain that information.

5.5CVSS6.3AI score0.00029EPSS