Policy Secure@22.5 Security Vulnerabilities and Issues — Policy Secure@22.5 CVE List

Lucene search

IvantiPolicy Secure22.5

9 matches found

CVE•added 2024/01/12 5:15 p.m.•611 views

CVE-2023-46805

An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

8.2CVSS8.9AI score0.94398EPSS

CVE•added 2024/01/12 5:15 p.m.•565 views

CVE-2024-21887

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

9.1CVSS9.4AI score0.94429EPSS

CVE•added 2024/01/31 6:15 p.m.•415 views

CVE-2024-21893

A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.

8.2CVSS8.8AI score0.9432EPSS

CVE•added 2024/01/31 6:15 p.m.•236 views

CVE-2024-21888

A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator.

8.8CVSS9.1AI score0.61709EPSS

CVE•added 2024/02/13 4:15 a.m.•223 views

CVE-2024-22024

An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.

8.3CVSS8.2AI score0.94303EPSS

CVE•added 2024/04/04 11:15 p.m.•176 views

CVE-2024-21894

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In certain conditions this may lead to execution of ...

9.8CVSS7.7AI score0.11025EPSS

CVE•added 2024/04/04 8:15 p.m.•118 views

CVE-2024-22023

An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporarily cause resource exhaustion thereby resulting in a limited-time DoS.

5.3CVSS6.9AI score0.00433EPSS

CVE•added 2024/04/04 8:15 p.m.•118 views

CVE-2024-22052

A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack

7.5CVSS6.8AI score0.02798EPSS

CVE•added 2024/04/04 8:15 p.m.•114 views

CVE-2024-22053

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack or in certain conditions read contents from memory.

8.2CVSS7AI score0.03804EPSS