Connect Secure@22.7 Security Vulnerabilities and Issues — Connect Secure@22.7 CVE List

Lucene search

IvantiConnect Secure22.7

22 matches found

CVE•added 2024/11/13 2:15 a.m.•75 views

CVE-2024-39712

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.07773EPSS

CVE•added 2024/11/13 2:15 a.m.•65 views

CVE-2024-38655

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.1 and 9.1R18.9 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.13237EPSS

CVE•added 2024/11/13 2:15 a.m.•62 views

CVE-2024-38656

Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.05878EPSS

CVE•added 2024/11/13 2:15 a.m.•62 views

CVE-2024-39711

9.1CVSS9.4AI score0.07773EPSS

CVE•added 2024/12/10 7:15 p.m.•59 views

CVE-2024-11633

Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution

9.1CVSS9.3AI score0.1641EPSS

CVE•added 2024/12/10 7:15 p.m.•58 views

CVE-2024-9844

Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker to bypass restrictions.

8.8CVSS6.6AI score0.02402EPSS

CVE•added 2024/11/13 2:15 a.m.•56 views

CVE-2024-39710

9.1CVSS9.4AI score0.07773EPSS

CVE•added 2024/11/12 4:15 p.m.•54 views

CVE-2024-9420

A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution

8.8CVSS7.2AI score0.27121EPSS

CVE•added 2024/11/12 4:15 p.m.•52 views

CVE-2024-47907

A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.

7.5CVSS7.7AI score0.00738EPSS

CVE•added 2024/11/12 5:15 p.m.•50 views

CVE-2024-11004

Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.

6.1CVSS6.2AI score0.0005EPSS

CVE•added 2024/11/12 5:15 p.m.•49 views

CVE-2024-11005

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.15668EPSS

CVE•added 2024/11/12 4:15 p.m.•49 views

CVE-2024-11007

9.1CVSS8.4AI score0.15668EPSS

CVE•added 2024/11/12 4:15 p.m.•49 views

CVE-2024-47905

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.

4.9CVSS5.3AI score0.00789EPSS

CVE•added 2024/11/13 2:15 a.m.•46 views

CVE-2024-37400

An out of bounds read in Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to trigger an infinite loop, causing a denial of service.

7.5CVSS7.2AI score0.03809EPSS

CVE•added 2024/11/13 2:15 a.m.•46 views

CVE-2024-38649

An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1(Not Applicable to 9.1Rx) allows a remote unauthenticated attacker to cause a denial of service.

7.5CVSS7.5AI score0.05084EPSS

CVE•added 2024/11/12 4:15 p.m.•46 views

CVE-2024-47906

Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges.

7.8CVSS7.6AI score0.00083EPSS

CVE•added 2024/12/10 7:15 p.m.•45 views

CVE-2024-11634

Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. (Not applicable to 9.1Rx)

9.1CVSS9.4AI score0.12141EPSS

CVE•added 2024/12/12 1:55 a.m.•44 views

CVE-2024-37377

A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.

7.5CVSS7.7AI score0.0085EPSS

CVE•added 2024/11/12 5:15 p.m.•43 views

CVE-2024-11006

9.1CVSS9.4AI score0.15668EPSS

CVE•added 2024/12/12 1:55 a.m.•42 views

CVE-2024-37401

An out-of-bounds read in IPsec of Ivanti Connect Secure before version 22.7R2.1 allows a remote unauthenticated attacker to cause a denial of service.

7.5CVSS7.2AI score0.03778EPSS

CVE•added 2024/11/12 4:15 p.m.•41 views

CVE-2024-8495

A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service.

7.5CVSS7.5AI score0.03311EPSS

CVE•added 2024/11/12 4:15 p.m.•39 views

CVE-2024-47909

4.9CVSS5.3AI score0.00789EPSS