Connect Secure Security Vulnerabilities and Issues — Connect Secure CVE List

Lucene search

IvantiConnect Secure

21 matches found

CVE•added 2021/08/16 7:15 p.m.•75 views

CVE-2021-22933

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request.

6.5CVSS6.4AI score0.06308EPSS

CVE•added 2021/08/16 7:15 p.m.•65 views

CVE-2021-22936

A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter.

6.1CVSS6.1AI score0.00252EPSS

CVE•added 2019/06/28 6:15 p.m.•58 views

CVE-2018-20808

An XSS issue has been found with rd.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R3 due to improper header sanitization. This is not applicable to 8.1RX.

6.1CVSS5.9AI score0.0012EPSS

CVE•added 2019/06/28 6:15 p.m.•57 views

CVE-2018-20814

An XSS issue was found with Psaldownload.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.3R2 before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX or PPS 5.2RX.

6.1CVSS5.9AI score0.00105EPSS

CVE•added 2025/02/11 4:15 p.m.•57 views

CVE-2024-13842

A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.

6CVSS5.7AI score0.0008EPSS

CVE•added 2020/09/30 6:15 p.m.•55 views

CVE-2020-8238

A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure

6.1CVSS5.8AI score0.00172EPSS

CVE•added 2020/10/28 1:15 p.m.•53 views

CVE-2020-8262

A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface.

6.1CVSS5.8AI score0.00144EPSS

CVE•added 2024/11/12 5:15 p.m.•50 views

CVE-2024-11004

Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.

6.1CVSS6.2AI score0.0005EPSS

CVE•added 2025/02/11 4:15 p.m.•49 views

CVE-2024-13830

Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.

6.1CVSS6AI score0.00048EPSS

CVE•added 2019/05/08 5:29 p.m.•45 views

CVE-2019-11507

In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3, an XSS issue has been found on the Application Launcher page.

6.1CVSS6.2AI score0.00754EPSS

CVE•added 2020/07/30 1:15 p.m.•45 views

CVE-2020-8220

A denial of service vulnerability exists in Pulse Connect Secure

6.5CVSS6.5AI score0.06668EPSS

CVE•added 2019/06/28 6:15 p.m.•44 views

CVE-2018-20807

An XSS issue has been found in welcome.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1.x before 8.1R12, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 due to one of the URL parameters not being sanitized properly.

6.1CVSS5.9AI score0.0012EPSS

CVE•added 2025/02/11 4:15 p.m.•43 views

CVE-2024-13843

Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.

6CVSS5.6AI score0.00048EPSS

CVE•added 2020/07/30 1:15 p.m.•39 views

CVE-2020-8204

A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure

6.1CVSS5.9AI score0.00169EPSS

CVE•added 2020/07/30 1:15 p.m.•39 views

CVE-2020-8222

A path traversal vulnerability exists in Pulse Connect Secure

6.8CVSS6.4AI score0.0086EPSS

CVE•added 2025/02/11 4:15 p.m.•39 views

CVE-2024-12058

External control of a file name in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to read arbitrary files.

6.8CVSS6.4AI score0.00947EPSS

CVE•added 2018/09/06 11:29 p.m.•38 views

CVE-2018-14366

download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerability.

6.1CVSS6.2AI score0.001EPSS

CVE•added 2016/05/26 2:59 p.m.•33 views

CVE-2016-4789

Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecifie...

6.1CVSS5.9AI score0.00093EPSS

CVE•added 2025/07/08 4:15 p.m.•10 views

CVE-2025-5464

Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 allows a local authenticated attacker to obtain that information.

6.5CVSS5.7AI score0.00028EPSS

CVE•added 2025/07/08 4:15 p.m.•7 views

CVE-2025-0293

CLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk.

6.6CVSS6.6AI score0.00034EPSS

CVE•added 2025/07/08 3:15 p.m.•7 views

CVE-2025-5450

Improper access control in the certificate management component of Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated admin with read-only rights to modify settings that should be restricted.

6.3CVSS6.8AI score0.00107EPSS