Policy Secure Security Vulnerabilities and Issues — Policy Secure CVE List

Lucene search

IvantiPolicy Secure

5 matches found

CVE•added 2024/04/04 8:15 p.m.•118 views

CVE-2024-22023

An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporarily cause resource exhaustion thereby resulting in a limited-time DoS.

5.3CVSS6.9AI score0.00433EPSS

CVE•added 2020/07/27 11:15 p.m.•73 views

CVE-2020-12880

An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available an...

5.5CVSS5.5AI score0.00079EPSS

CVE•added 2020/07/30 1:15 p.m.•47 views

CVE-2020-8217

A cross site scripting (XSS) vulnerability in Pulse Connect Secure

5.4CVSS5.2AI score0.00136EPSS

CVE•added 2025/07/08 4:15 p.m.•7 views

CVE-2025-0292

SSRF in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to access internal network services.

5.5CVSS6.3AI score0.00106EPSS

CVE•added 2025/07/08 3:15 p.m.•6 views

CVE-2025-5463

Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a local authenticated attacker to obtain that information.

5.5CVSS6.3AI score0.00029EPSS