Policy Secure Security Vulnerabilities and Issues — Page 2 of Policy Secure CVE List

Lucene search

IvantiPolicy Secure

63 matches found

CVE•added 2024/12/12 1:55 a.m.•42 views

CVE-2024-37401

An out-of-bounds read in IPsec of Ivanti Connect Secure before version 22.7R2.1 allows a remote unauthenticated attacker to cause a denial of service.

7.5CVSS7.2AI score0.03778EPSS

CVE•added 2020/07/30 1:15 p.m.•41 views

CVE-2020-8219

An insufficient permission check vulnerability exists in Pulse Connect Secure

7.2CVSS6.9AI score0.01732EPSS

CVE•added 2024/11/12 4:15 p.m.•41 views

CVE-2024-8495

A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service.

7.5CVSS7.5AI score0.03311EPSS

CVE•added 2020/07/30 1:15 p.m.•39 views

CVE-2020-8204

A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure

6.1CVSS5.9AI score0.00169EPSS

CVE•added 2020/07/30 1:15 p.m.•39 views

CVE-2020-8222

A path traversal vulnerability exists in Pulse Connect Secure

6.8CVSS6.4AI score0.0086EPSS

CVE•added 2025/02/11 4:15 p.m.•39 views

CVE-2024-12058

External control of a file name in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to read arbitrary files.

6.8CVSS6.4AI score0.00947EPSS

CVE•added 2024/11/12 4:15 p.m.•39 views

CVE-2024-47909

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.

4.9CVSS5.3AI score0.00789EPSS

CVE•added 2025/07/12 4:15 a.m.•9 views

CVE-2023-39339

A vulnerability exists on all versions of Ivanti Policy Secure below 22.6R1 where an authenticated administrator can perform an arbitrary file read via a maliciously crafted web request.

4.9CVSS5.1AI score0.00394EPSS

CVE•added 2025/07/08 3:15 p.m.•7 views

CVE-2025-5451

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to trigger a denial of service.

4.9CVSS7.3AI score0.00215EPSS

CVE•added 2025/07/08 4:15 p.m.•6 views

CVE-2025-0292

SSRF in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to access internal network services.

5.5CVSS6.3AI score0.00106EPSS

CVE•added 2025/07/08 4:15 p.m.•6 views

CVE-2025-0293

CLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk.

6.6CVSS6.6AI score0.00034EPSS

CVE•added 2025/07/08 3:15 p.m.•6 views

CVE-2025-5450

Improper access control in the certificate management component of Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated admin with read-only rights to modify settings that should be restricted.

6.3CVSS6.8AI score0.00107EPSS

CVE•added 2025/07/08 3:15 p.m.•5 views

CVE-2025-5463

Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a local authenticated attacker to obtain that information.

5.5CVSS6.3AI score0.00029EPSS

Total number of security vulnerabilities63