Policy Secure Security Vulnerabilities and Issues — Policy Secure CVE List

Lucene search

IvantiPolicy Secure

14 matches found

cve•added 2020/09/30 6:15 p.m.•1029 views

CVE-2020-8243

A vulnerability in the Pulse Connect Secure

7.2CVSS8.1AI score0.22622EPSS

cve•added 2020/07/30 1:15 p.m.•1019 views

CVE-2020-8218

A code injection vulnerability exists in Pulse Connect Secure

7.2CVSS7.3AI score0.91071EPSS

cve•added 2025/01/08 11:15 p.m.•482 views

CVE-2025-0283

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges.

7CVSS7.2AI score0.00072EPSS

cve•added 2024/04/04 8:15 p.m.•118 views

CVE-2024-22052

A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack

7.5CVSS6.8AI score0.02798EPSS

cve•added 2024/04/25 6:15 a.m.•107 views

CVE-2024-29205

An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a remote unauthenticated attacker to send specially crafted requests in-order-to cause service disruptions.

7.5CVSS7AI score0.01573EPSS

cve•added 2022/12/05 10:15 p.m.•78 views

CVE-2022-35254

An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions pri...

7.5CVSS7.4AI score0.00768EPSS

cve•added 2022/12/05 10:15 p.m.•62 views

CVE-2022-35258

7.5CVSS7.4AI score0.00776EPSS

cve•added 2020/10/27 5:15 a.m.•53 views

CVE-2020-15352

An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

7.2CVSS6.6AI score0.06555EPSS

cve•added 2024/11/13 2:15 a.m.•51 views

CVE-2024-39709

Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1 (Not Applicable to 9.1Rx) allow a local authenticated attacker to escalate their privileges.

7.8CVSS7.6AI score0.00069EPSS

cve•added 2024/11/12 4:15 p.m.•46 views

CVE-2024-47906

Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges.

7.8CVSS7.6AI score0.00083EPSS

cve•added 2024/12/12 1:55 a.m.•44 views

CVE-2024-37377

A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.

7.5CVSS7.7AI score0.0085EPSS

cve•added 2024/12/12 1:55 a.m.•42 views

CVE-2024-37401

An out-of-bounds read in IPsec of Ivanti Connect Secure before version 22.7R2.1 allows a remote unauthenticated attacker to cause a denial of service.

7.5CVSS7.2AI score0.03778EPSS

cve•added 2020/07/30 1:15 p.m.•41 views

CVE-2020-8219

An insufficient permission check vulnerability exists in Pulse Connect Secure

7.2CVSS6.9AI score0.01732EPSS

cve•added 2024/11/12 4:15 p.m.•41 views

CVE-2024-8495

A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service.

7.5CVSS7.5AI score0.03311EPSS