Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
IvantiPolicy Secure

8 matches found

CVE
CVEadded 2024/04/04 8:15 p.m.119 views

CVE-2024-22023

An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporarily cause resource exhaustion thereby resulting in a limited-time DoS.

5.3CVSS6.9AI score0.11025EPSS
CVE
CVEadded 2020/07/27 11:15 p.m.75 views

CVE-2020-12880

An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available an...

5.5CVSS5.5AI score0.00079EPSS
CVE
CVEadded 2020/07/30 1:15 p.m.48 views

CVE-2020-8217

A cross site scripting (XSS) vulnerability in Pulse Connect Secure

5.4CVSS5.2AI score0.00136EPSS
CVE
CVEadded 2025/07/08 4:15 p.m.9 views

CVE-2025-0292

SSRF in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to access internal network services.

5.5CVSS6.3AI score0.00116EPSS
CVE
CVEadded 2025/08/12 3:15 p.m.8 views

CVE-2025-5468

Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a local authenticated attacker to re...

5.5CVSS6.8AI score0.00041EPSS
CVE
CVEadded 2025/07/08 3:15 p.m.7 views

CVE-2025-5463

Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a local authenticated attacker to obtain that information.

5.5CVSS6.3AI score0.00033EPSS
CVE
CVEadded 2 days ago2 views

CVE-2025-55144

Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privil...

5.4CVSS6.3AI score0.00357EPSS
CVE
CVEadded 2 days ago2 views

CVE-2025-8711

CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to execute limited actions on behalf of th...

5.4CVSS6.7AI score0.00042EPSS