Policy Secure Security Vulnerabilities and Issues — Policy Secure CVE List

Lucene search

IvantiPolicy Secure

12 matches found

CVE•added 2025/02/11 4:15 p.m.•57 views

CVE-2024-13842

A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.

6CVSS5.7AI score0.0008EPSS

CVE•added 2020/09/30 6:15 p.m.•55 views

CVE-2020-8238

A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure

6.1CVSS5.8AI score0.00172EPSS

CVE•added 2020/10/28 1:15 p.m.•53 views

CVE-2020-8262

A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface.

6.1CVSS5.8AI score0.00144EPSS

CVE•added 2024/11/12 5:15 p.m.•50 views

CVE-2024-11004

Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.

6.1CVSS6.2AI score0.0005EPSS

CVE•added 2025/02/11 4:15 p.m.•49 views

CVE-2024-13830

Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.

6.1CVSS6AI score0.00048EPSS

CVE•added 2020/07/30 1:15 p.m.•45 views

CVE-2020-8220

A denial of service vulnerability exists in Pulse Connect Secure

6.5CVSS6.5AI score0.06668EPSS

CVE•added 2025/02/11 4:15 p.m.•43 views

CVE-2024-13843

Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.

6CVSS5.6AI score0.00048EPSS

CVE•added 2020/07/30 1:15 p.m.•39 views

CVE-2020-8204

A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure

6.1CVSS5.9AI score0.00169EPSS

CVE•added 2020/07/30 1:15 p.m.•39 views

CVE-2020-8222

A path traversal vulnerability exists in Pulse Connect Secure

6.8CVSS6.4AI score0.0086EPSS

CVE•added 2025/02/11 4:15 p.m.•39 views

CVE-2024-12058

External control of a file name in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to read arbitrary files.

6.8CVSS6.4AI score0.00947EPSS

CVE•added 2025/07/08 4:15 p.m.•7 views

CVE-2025-0293

CLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk.

6.6CVSS6.6AI score0.00034EPSS

CVE•added 2025/07/08 3:15 p.m.•7 views

CVE-2025-5450

Improper access control in the certificate management component of Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated admin with read-only rights to modify settings that should be restricted.

6.3CVSS6.8AI score0.00107EPSS