Connect Secure Security Vulnerabilities and Issues — Connect Secure CVE List

Lucene search

IvantiConnect Secure

10 matches found

CVE•added 2024/04/04 8:15 p.m.•118 views

CVE-2024-22023

An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporarily cause resource exhaustion thereby resulting in a limited-time DoS.

5.3CVSS6.9AI score0.00433EPSS

CVE•added 2020/07/27 11:15 p.m.•73 views

CVE-2020-12880

An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available an...

5.5CVSS5.5AI score0.00079EPSS

CVE•added 2019/06/28 6:15 p.m.•58 views

CVE-2018-20811

A hidden RPC service issue was found with Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2 and 8.1RX before 8.1R12.

5.3CVSS5.3AI score0.00714EPSS

CVE•added 2022/09/30 5:15 p.m.•52 views

CVE-2022-21826

Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP request sent down tha...

5.4CVSS5.3AI score0.34381EPSS

CVE•added 2016/05/26 2:59 p.m.•47 views

CVE-2016-4792

Pulse Connect Secure (PCS) 8.2 before 8.2r1 allows remote attackers to disclose sign in pages via unspecified vectors.

5.3CVSS5.2AI score0.00532EPSS

CVE•added 2020/07/30 1:15 p.m.•47 views

CVE-2020-8217

A cross site scripting (XSS) vulnerability in Pulse Connect Secure

5.4CVSS5.2AI score0.00136EPSS

CVE•added 2016/05/26 2:59 p.m.•37 views

CVE-2016-4790

Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

5.5CVSS5.3AI score0.00081EPSS

CVE•added 2016/05/26 2:59 p.m.•35 views

CVE-2016-4788

Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read an unspecified system file via unknown vectors.

5.8CVSS5.6AI score0.00212EPSS

CVE•added 2025/07/08 4:15 p.m.•7 views

CVE-2025-0292

SSRF in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to access internal network services.

5.5CVSS6.3AI score0.00106EPSS

CVE•added 2025/07/08 3:15 p.m.•6 views

CVE-2025-5463

Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a local authenticated attacker to obtain that information.

5.5CVSS6.3AI score0.00029EPSS