Connect Secure Security Vulnerabilities and Issues — Connect Secure CVE List

Lucene search

IvantiConnect Secure

5 matches found

CVE•added 2024/12/10 7:15 p.m.•59 views

CVE-2024-11633

Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution

9.1CVSS9.3AI score0.1641EPSS

CVE•added 2024/12/10 7:15 p.m.•58 views

CVE-2024-9844

Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker to bypass restrictions.

8.8CVSS6.6AI score0.02402EPSS

CVE•added 2024/12/10 7:15 p.m.•45 views

CVE-2024-11634

Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. (Not applicable to 9.1Rx)

9.1CVSS9.4AI score0.12141EPSS

CVE•added 2024/12/12 1:55 a.m.•44 views

CVE-2024-37377

A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.

7.5CVSS7.7AI score0.0085EPSS

CVE•added 2024/12/12 1:55 a.m.•42 views

CVE-2024-37401

An out-of-bounds read in IPsec of Ivanti Connect Secure before version 22.7R2.1 allows a remote unauthenticated attacker to cause a denial of service.

7.5CVSS7.2AI score0.03778EPSS