Ivanti Connect Secure

19 matches found

added 2019/04/26 2:29 a.m., 1119 views

CVE-2019-11539

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin we...

CVSS 8 | AI score 7.9 | EPSS 0.93756

added 2021/05/27 12:15 p.m., 1009 views

CVE-2021-22899

A command injection vulnerability in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via the Windows Resource Profiles feature.

CVSS 8.8 | AI score 9.2 | EPSS 0.44951

added 2024/01/12 5:15 p.m., 612 views

CVE-2023-46805

An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

CVSS 8.2 | AI score 8.9 | EPSS 0.94398

added 2024/01/31 6:15 p.m., 416 views

CVE-2024-21893

A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.

CVSS 8.2 | AI score 8.8 | EPSS 0.9432

added 2024/01/31 6:15 p.m., 237 views

CVE-2024-21888

A privilege escalation vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator.

CVSS 8.8 | AI score 9.1 | EPSS 0.61709

added 2024/02/13 4:15 a.m., 224 views

CVE-2024-22024

An XML external entity (XXE) vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways allows an attacker to access certain restricted resources without authentication.

CVSS 8.3 | AI score 8.2 | EPSS 0.94303

added 2024/05/31 6:15 p.m., 158 views

CVE-2023-38551

A CRLF injection vulnerability in Ivanti Connect Secure (9.x, 22.x) allows an authenticated high-privileged user to inject malicious code in a victim’s browser, thereby leading to a cross-site scripting attack.

CVSS 8.2 | AI score 6.6 | EPSS 0.00369

added 2024/04/04 8:15 p.m., 114 views

CVE-2024-22053

A heap overflow vulnerability in the IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in order to crash the service, thereby causing a DoS attack, or in certain conditions to read contents from memory.

CVSS 8.2 | AI score 7 | EPSS 0.03804

added 2019/06/03 8:29 p.m., 92 views

CVE-2019-11509

In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated attacker (via the admin w...

CVSS 8.8 | AI score 9.2 | EPSS 0.07261

added 2019/04/12 3:29 p.m., 85 views

CVE-2019-11213

In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end user, a related issue to CVE-2019-1573. (The endpoint would need to be already compromised for exploitation to succeed....

CVSS 8.1 | AI score 4.1 | EPSS 0.0262

added 2019/04/26 2:29 a.m., 69 views

CVE-2019-11542

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, an authentic...

CVSS 8 | AI score 8 | EPSS 0.38785

added 2019/05/08 5:29 p.m., 63 views

CVE-2019-11508

In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker (via the admin web interface) can exploit Directory Traversal to execute arbitrary code on the appliance.

CVSS 8.6 | AI score 8.4 | EPSS 0.04517

added 2017/08/29 3:29 p.m., 59 views

CVE-2017-11455

diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CSRF...

CVSS 8.8 | AI score 8.8 | EPSS 0.00563

added 2024/12/10 7:15 p.m., 58 views

CVE-2024-9844

Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker to bypass restrictions.

CVSS 8.8 | AI score 6.6 | EPSS 0.02402

added 2024/11/12 4:15 p.m., 54 views

CVE-2024-9420

A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution.

CVSS 8.8 | AI score 7.2 | EPSS 0.27121

added 2020/07/30 1:15 p.m., 51 views

CVE-2020-8206

An improper authentication vulnerability exists in Pulse Connect Secure

CVSS 8.1 | AI score 8 | EPSS 0.0152

added 2019/04/26 2:29 a.m., 50 views

CVE-2019-11543

XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1.

CVSS 8.3 | AI score 6.5 | EPSS 0.00213

added 2019/04/26 2:29 a.m., 47 views

CVE-2019-11541

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.2RX before 8.2R12.1, users using SAML authentication with the Reuse Existing NC (Pulse) Session option may see authentication leaks.

CVSS 8.3 | AI score 8.2 | EPSS 0.01765

added 2016/05/26 2:59 p.m., 41 views

CVE-2016-4791

The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via unspecified vectors.

CVSS 8.6 | AI score 8.3 | EPSS 0.00276