Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
IvantiPolicy Secure

16 matches found

CVE
CVEadded 2025/01/08 11:15 p.m.664 views

CVE-2025-0282

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.

9CVSS8.3AI score0.93244EPSS
CVE
CVEadded 2024/01/12 5:15 p.m.566 views

CVE-2024-21887

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

9.1CVSS9.4AI score0.94429EPSS
CVE
CVEadded 2025/04/03 4:15 p.m.549 views

CVE-2025-22457

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.

9.8CVSS8.5AI score0.23792EPSS
CVE
CVEadded 2024/04/04 11:15 p.m.176 views

CVE-2024-21894

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In certain conditions this may lead to execution of ...

9.8CVSS7.7AI score0.11025EPSS
CVE
CVEadded 2024/11/13 2:15 a.m.75 views

CVE-2024-39712

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.07773EPSS
CVE
CVEadded 2025/02/11 4:15 p.m.68 views

CVE-2024-10644

Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.06478EPSS
CVE
CVEadded 2024/11/13 2:15 a.m.65 views

CVE-2024-38655

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.1 and 9.1R18.9 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.13237EPSS
CVE
CVEadded 2024/11/13 2:15 a.m.62 views

CVE-2024-38656

Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.05878EPSS
CVE
CVEadded 2024/11/13 2:15 a.m.62 views

CVE-2024-39711

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.07773EPSS
CVE
CVEadded 2024/10/18 11:15 p.m.61 views

CVE-2024-37404

Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote code execution.

9.1CVSS7.4AI score0.78841EPSS
CVE
CVEadded 2024/11/13 2:15 a.m.56 views

CVE-2024-39710

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.07773EPSS
CVE
CVEadded 2025/02/21 2:15 a.m.51 views

CVE-2024-38657

External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write arbitrary files.

9.1CVSS9.2AI score0.00084EPSS
CVE
CVEadded 2024/11/12 5:15 p.m.49 views

CVE-2024-11005

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.15668EPSS
CVE
CVEadded 2024/11/12 4:15 p.m.49 views

CVE-2024-11007

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS8.4AI score0.15668EPSS
CVE
CVEadded 2024/12/10 7:15 p.m.45 views

CVE-2024-11634

Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. (Not applicable to 9.1Rx)

9.1CVSS9.4AI score0.12141EPSS
CVE
CVEadded 2024/11/12 5:15 p.m.43 views

CVE-2024-11006

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.15668EPSS