Lucene search

K
IvantiPolicy Secure

63 matches found

CVE
CVE
added 2019/04/26 2:29 a.m.1118 views

CVE-2019-11539

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin we...

8CVSS7.9AI score0.93756EPSS
CVE
CVE
added 2020/09/30 6:15 p.m.1026 views

CVE-2020-8243

A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution.

7.2CVSS8.1AI score0.22622EPSS
CVE
CVE
added 2020/07/30 1:15 p.m.1016 views

CVE-2020-8218

A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface.

7.2CVSS7.3AI score0.91071EPSS
CVE
CVE
added 2025/01/08 11:15 p.m.663 views

CVE-2025-0282

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.

9CVSS8.3AI score0.93244EPSS
CVE
CVE
added 2024/01/12 5:15 p.m.611 views

CVE-2023-46805

An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

8.2CVSS8.9AI score0.94398EPSS
CVE
CVE
added 2024/01/12 5:15 p.m.565 views

CVE-2024-21887

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

9.1CVSS9.4AI score0.94429EPSS
CVE
CVE
added 2025/04/03 4:15 p.m.548 views

CVE-2025-22457

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.

9.8CVSS8.5AI score0.23792EPSS
CVE
CVE
added 2025/01/08 11:15 p.m.479 views

CVE-2025-0283

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges.

7CVSS7.2AI score0.00072EPSS
CVE
CVE
added 2024/01/31 6:15 p.m.415 views

CVE-2024-21893

A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.

8.2CVSS8.8AI score0.9432EPSS
CVE
CVE
added 2024/01/31 6:15 p.m.236 views

CVE-2024-21888

A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator.

8.8CVSS9.1AI score0.61709EPSS
CVE
CVE
added 2024/02/13 4:15 a.m.223 views

CVE-2024-22024

An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.

8.3CVSS8.2AI score0.94303EPSS
CVE
CVE
added 2024/04/04 11:15 p.m.176 views

CVE-2024-21894

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In certain conditions this may lead to execution of ...

9.8CVSS7.7AI score0.11025EPSS
CVE
CVE
added 2024/04/04 8:15 p.m.118 views

CVE-2024-22023

An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporarily cause resource exhaustion thereby resulting in a limited-time DoS.

5.3CVSS6.9AI score0.00433EPSS
CVE
CVE
added 2024/04/04 8:15 p.m.118 views

CVE-2024-22052

A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack

7.5CVSS6.8AI score0.02798EPSS
CVE
CVE
added 2024/04/04 8:15 p.m.114 views

CVE-2024-22053

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack or in certain conditions read contents from memory.

8.2CVSS7AI score0.03804EPSS
CVE
CVE
added 2024/04/25 6:15 a.m.107 views

CVE-2024-29205

An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a remote unauthenticated attacker to send specially crafted requests in-order-to cause service disruptions.

7.5CVSS7AI score0.01573EPSS
CVE
CVE
added 2019/06/03 8:29 p.m.92 views

CVE-2019-11509

In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated attacker (via the admin w...

8.8CVSS9.2AI score0.07261EPSS
CVE
CVE
added 2022/12/05 10:15 p.m.78 views

CVE-2022-35254

An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions pri...

7.5CVSS7.4AI score0.00768EPSS
CVE
CVE
added 2024/11/13 2:15 a.m.75 views

CVE-2024-39712

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.07773EPSS
CVE
CVE
added 2020/07/27 11:15 p.m.73 views

CVE-2020-12880

An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available an...

5.5CVSS5.5AI score0.00079EPSS
CVE
CVE
added 2025/02/11 4:15 p.m.68 views

CVE-2024-10644

Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.06478EPSS
CVE
CVE
added 2020/10/28 1:15 p.m.66 views

CVE-2020-8261

A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.

4.3CVSS4.8AI score0.00613EPSS
CVE
CVE
added 2024/11/13 2:15 a.m.65 views

CVE-2024-38655

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.1 and 9.1R18.9 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.13237EPSS
CVE
CVE
added 2022/12/05 10:15 p.m.62 views

CVE-2022-35258

An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions pri...

7.5CVSS7.4AI score0.00776EPSS
CVE
CVE
added 2024/11/13 2:15 a.m.62 views

CVE-2024-38656

Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.05878EPSS
CVE
CVE
added 2024/11/13 2:15 a.m.62 views

CVE-2024-39711

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.07773EPSS
CVE
CVE
added 2024/10/18 11:15 p.m.61 views

CVE-2024-37404

Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote code execution.

9.1CVSS7.4AI score0.78841EPSS
CVE
CVE
added 2025/02/11 4:15 p.m.57 views

CVE-2024-13842

A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.

6CVSS5.7AI score0.0008EPSS
CVE
CVE
added 2024/11/13 2:15 a.m.56 views

CVE-2024-39710

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.07773EPSS
CVE
CVE
added 2020/09/30 6:15 p.m.55 views

CVE-2020-8238

A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow attackers to conduct Cross-Site Scripting (XSS).

6.1CVSS5.8AI score0.00172EPSS
CVE
CVE
added 2024/11/12 4:15 p.m.54 views

CVE-2024-9420

A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution

8.8CVSS7.2AI score0.27121EPSS
CVE
CVE
added 2020/10/27 5:15 a.m.53 views

CVE-2020-15352

An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

7.2CVSS6.6AI score0.06555EPSS
CVE
CVE
added 2020/10/28 1:15 p.m.53 views

CVE-2020-8262

A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface.

6.1CVSS5.8AI score0.00144EPSS
CVE
CVE
added 2020/07/30 1:15 p.m.51 views

CVE-2020-8206

An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary credentials to bypass the Google TOTP.

8.1CVSS8AI score0.0152EPSS
CVE
CVE
added 2020/07/30 1:15 p.m.51 views

CVE-2020-8221

A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface.

4.9CVSS4.9AI score0.02858EPSS
CVE
CVE
added 2025/02/21 2:15 a.m.51 views

CVE-2024-38657

External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write arbitrary files.

9.1CVSS9.2AI score0.00084EPSS
CVE
CVE
added 2024/11/13 2:15 a.m.51 views

CVE-2024-39709

Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1 (Not Applicable to 9.1Rx) allow a local authenticated attacker to escalate their privileges.

7.8CVSS7.6AI score0.00069EPSS
CVE
CVE
added 2024/11/12 5:15 p.m.50 views

CVE-2024-11004

Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.

6.1CVSS6.2AI score0.0005EPSS
CVE
CVE
added 2024/11/12 5:15 p.m.49 views

CVE-2024-11005

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.15668EPSS
CVE
CVE
added 2024/11/12 4:15 p.m.49 views

CVE-2024-11007

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS8.4AI score0.15668EPSS
CVE
CVE
added 2025/02/11 4:15 p.m.49 views

CVE-2024-13830

Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.

6.1CVSS6AI score0.00048EPSS
CVE
CVE
added 2024/11/12 4:15 p.m.49 views

CVE-2024-47905

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.

4.9CVSS5.3AI score0.00789EPSS
CVE
CVE
added 2020/07/30 1:15 p.m.47 views

CVE-2020-8217

A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed attackers to exploit in the URL used for Citrix ICA.

5.4CVSS5.2AI score0.00136EPSS
CVE
CVE
added 2020/07/30 1:15 p.m.46 views

CVE-2020-8216

An information disclosure vulnerability in meeting of Pulse Connect Secure <9.1R8 allowed an authenticated end-users to find meeting details, if they know the Meeting ID.

4.3CVSS4.2AI score0.02167EPSS
CVE
CVE
added 2024/11/12 4:15 p.m.46 views

CVE-2024-47906

Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges.

7.8CVSS7.6AI score0.00083EPSS
CVE
CVE
added 2020/07/30 1:15 p.m.45 views

CVE-2020-8220

A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS.

6.5CVSS6.5AI score0.06668EPSS
CVE
CVE
added 2024/12/10 7:15 p.m.45 views

CVE-2024-11634

Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. (Not applicable to 9.1Rx)

9.1CVSS9.4AI score0.12141EPSS
CVE
CVE
added 2024/12/12 1:55 a.m.44 views

CVE-2024-37377

A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.

7.5CVSS7.7AI score0.0085EPSS
CVE
CVE
added 2024/11/12 5:15 p.m.43 views

CVE-2024-11006

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.15668EPSS
CVE
CVE
added 2025/02/11 4:15 p.m.43 views

CVE-2024-13843

Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.

6CVSS5.6AI score0.00048EPSS
Total number of security vulnerabilities63