Lucene search

K

37 matches found

CVE
CVE
added 2025/04/03 4:15 p.m.615 views

CVE-2025-22457

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.

9.8CVSS8.5AI score0.68521EPSS
In wildWeb
CVE
CVE
added 2025/01/08 11:15 p.m.518 views

CVE-2025-0283

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges.

7CVSS7.2AI score0.93098EPSS
In wild
CVE
CVE
added 2024/10/18 11:15 p.m.88 views

CVE-2024-37404

Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote code execution.

9.1CVSS7.4AI score0.81509EPSS
Web
CVE
CVE
added 2022/12/05 10:15 p.m.79 views

CVE-2022-35254

An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions pri...

7.5CVSS7.4AI score0.00745EPSS
CVE
CVE
added 2024/11/13 2:15 a.m.77 views

CVE-2024-39712

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.08532EPSS
CVE
CVE
added 2025/02/11 4:15 p.m.69 views

CVE-2024-10644

Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.19677EPSS
CVE
CVE
added 2024/11/13 2:15 a.m.66 views

CVE-2024-38655

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.1 and 9.1R18.9 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.14425EPSS
CVE
CVE
added 2022/12/05 10:15 p.m.63 views

CVE-2022-35258

An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions pri...

7.5CVSS7.4AI score0.00752EPSS
CVE
CVE
added 2024/11/13 2:15 a.m.63 views

CVE-2024-38656

Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.06469EPSS
CVE
CVE
added 2024/11/13 2:15 a.m.63 views

CVE-2024-39711

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.08532EPSS
CVE
CVE
added 2024/11/13 2:15 a.m.59 views

CVE-2024-39710

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.08532EPSS
CVE
CVE
added 2024/11/12 4:15 p.m.55 views

CVE-2024-9420

A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution

8.8CVSS7.2AI score0.29056EPSS
CVE
CVE
added 2025/02/21 2:15 a.m.52 views

CVE-2024-38657

External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write arbitrary files.

9.1CVSS9.2AI score0.00119EPSS
CVE
CVE
added 2024/11/13 2:15 a.m.52 views

CVE-2024-39709

Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1 (Not Applicable to 9.1Rx) allow a local authenticated attacker to escalate their privileges.

7.8CVSS7.6AI score0.00104EPSS
CVE
CVE
added 2024/11/12 5:15 p.m.51 views

CVE-2024-11004

Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.

6.1CVSS6.2AI score0.0006EPSS
CVE
CVE
added 2024/11/12 4:15 p.m.51 views

CVE-2024-11007

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS8.4AI score0.17022EPSS
CVE
CVE
added 2024/11/12 5:15 p.m.50 views

CVE-2024-11005

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.17022EPSS
CVE
CVE
added 2025/02/11 4:15 p.m.50 views

CVE-2024-13830

Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.

6.1CVSS6AI score0.00049EPSS
CVE
CVE
added 2024/11/12 4:15 p.m.50 views

CVE-2024-47905

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.

4.9CVSS5.3AI score0.00719EPSS
CVE
CVE
added 2024/11/12 4:15 p.m.47 views

CVE-2024-47906

Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges.

7.8CVSS7.6AI score0.00122EPSS
CVE
CVE
added 2024/12/10 7:15 p.m.46 views

CVE-2024-11634

Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. (Not applicable to 9.1Rx)

9.1CVSS9.4AI score0.13858EPSS
CVE
CVE
added 2024/12/12 1:55 a.m.45 views

CVE-2024-37377

A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.

7.5CVSS7.7AI score0.00739EPSS
CVE
CVE
added 2024/11/12 5:15 p.m.44 views

CVE-2024-11006

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.17022EPSS
CVE
CVE
added 2024/12/12 1:55 a.m.43 views

CVE-2024-37401

An out-of-bounds read in IPsec of Ivanti Connect Secure before version 22.7R2.1 allows a remote unauthenticated attacker to cause a denial of service.

7.5CVSS7.2AI score0.03305EPSS
CVE
CVE
added 2024/11/12 4:15 p.m.42 views

CVE-2024-8495

A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service.

7.5CVSS7.5AI score0.03029EPSS
CVE
CVE
added 2025/02/11 4:15 p.m.40 views

CVE-2024-12058

External control of a file name in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to read arbitrary files.

6.8CVSS6.4AI score0.01379EPSS
CVE
CVE
added 2024/11/12 4:15 p.m.40 views

CVE-2024-47909

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.

4.9CVSS5.3AI score0.00719EPSS
CVE
CVE
added 2025/08/12 3:15 p.m.13 views

CVE-2025-5456

A buffer over-read vulnerability in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to trigger a d...

7.5CVSS7.5AI score0.00256EPSS
CVE
CVE
added 2025/08/12 3:15 p.m.13 views

CVE-2025-5462

A heap-based buffer overflow in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to trigger a deni...

7.5CVSS7.8AI score0.00234EPSS
CVE
CVE
added 2025/07/12 4:15 a.m.12 views

CVE-2023-39339

A vulnerability exists on all versions of Ivanti Policy Secure below 22.6R1 where an authenticated administrator can perform an arbitrary file read via a maliciously crafted web request.

4.9CVSS5.1AI score0.00861EPSS
CVE
CVE
added 2025/07/08 4:15 p.m.9 views

CVE-2025-0292

SSRF in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to access internal network services.

5.5CVSS6.3AI score0.00243EPSS
CVE
CVE
added 2025/07/08 4:15 p.m.9 views

CVE-2025-0293

CLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk.

6.6CVSS6.6AI score0.00042EPSS
CVE
CVE
added 2025/07/08 3:15 p.m.9 views

CVE-2025-5451

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to trigger a denial of service.

4.9CVSS7.3AI score0.00519EPSS
CVE
CVE
added 2025/08/12 3:15 p.m.9 views

CVE-2025-5468

Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a local authenticated attacker to re...

5.5CVSS6.8AI score0.00047EPSS
CVE
CVE
added 2025/07/08 3:15 p.m.8 views

CVE-2025-5450

Improper access control in the certificate management component of Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated admin with read-only rights to modify settings that should be restricted.

6.3CVSS6.8AI score0.00156EPSS
CVE
CVE
added 2025/07/08 3:15 p.m.8 views

CVE-2025-5463

Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a local authenticated attacker to obtain that information.

5.5CVSS6.3AI score0.00056EPSS
CVE
CVE
added 2025/08/12 3:15 p.m.8 views

CVE-2025-5466

XEE in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to trigger a denial of...

4.9CVSS6.9AI score0.00404EPSS