Lucene search
+L
IvantiZero Trust Access Gateway

17 matches found

cve
cve
added 2025/04/03 3:20 p.m.668 views

CVE-2025-22457

CVE-2025-22457 is a stack-based buffer overflow in Ivanti Connect Secure family (affecting Ivanti Connect Secure prior to 22.7R2.6, Ivanti Policy Secure prior to 22.7R1.4, and Ivanti ZTA Gateways prior to 22.8R2.2) that enables remote code execution by a remote unauthenticated attacker. Affected ...

9.8CVSS8.5AI score0.99979EPSS
In wildWeb
cve
cve
added 2024/02/13 4:7 a.m.293 views

CVE-2024-22024

CVE-2024-22024 is an XML External Entity (XXE) vulnerability in Ivanti Connect Secure and Ivanti Policy Secure gateways (SAML component) affecting 9.x and 22.x branches, plus ZTA gateways. The issue allows an unauthenticated attacker to access certain restricted resources via SAML-based requests....

8.3CVSS8.2AI score0.94721EPSS
In wild
cve
cve
added 2025/09/09 3:12 p.m.36 views

CVE-2025-8712

Ivanti reports a missing authorization flaw (CVE-2025-8712) affecting Ivanti Connect Secure before 22.7R2.9/22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 22.8R2.3-723, and Ivanti Neurons for Secure Access before 22.8R1.4. The issue allows a remote authenticated attacker ...

5.4CVSS6.3AI score0.00412EPSS
cve
cve
added 2025/09/09 3:41 p.m.34 views

CVE-2025-55139

CVE-2025-55139 is an SSRF issue affecting Ivanti Connect Secure (ICS) prior to 22.7R2.9/22.8R2, Ivanti Policy Secure prior to 22.7R1.6, Ivanti ZTA Gateway prior to 2.8R2.3-723, and Ivanti Neurons for Secure Access prior to 22.8R1.4. The root cause is a server-side request forgery that lets a remo...

6.8CVSS6.3AI score0.00846EPSS
cve
cve
added 2025/08/12 2:56 p.m.33 views

CVE-2025-5462

Ivanti vulnerability CVE-2025-5462 is a heap-based buffer overflow affecting Ivanti Connect Secure prior to 22.7R2.8 or 22.8R2, Ivanti Policy Secure prior to 22.7R1.5, Ivanti ZTA Gateway prior to 22.8R2.3-723, and Ivanti Neurons for Secure Access prior to 22.8R1.4. The flaw allows a remote unauth...

7.5CVSS7.8AI score0.01084EPSS
cve
cve
added 2025/08/12 2:50 p.m.32 views

CVE-2025-5456

CVE-2025-5456 is a buffer over-read in Ivanti Connect Secure prior to 22.7R2.8 or 22.8R2, Ivanti Policy Secure prior to 22.7R1.5, Ivanti ZTA Gateway prior to 2.8R2.3-723, and Ivanti Neurons for Secure Access prior to 22.8R1.4. The issue allows a remote unauthenticated attacker to trigger a denial...

7.5CVSS7.5AI score0.01068EPSS
cve
cve
added 2025/09/09 3:37 p.m.32 views

CVE-2025-55148

Ivanti vulnerabilities (CVE-2025-55148 and related) affect Ivanti Connect Secure, Policy Secure, ZTA Gateways, and Neurons for Secure Access. Root cause: missing authorization checks allow a remote authenticated attacker with read-only admin privileges to configure restricted settings (fix deploy...

7.6CVSS6.3AI score0.00515EPSS
cve
cve
added 2025/08/12 3:0 p.m.31 views

CVE-2025-5466

CVE-2025-5466 is an XML External Entity (XEE) vulnerability affecting Ivanti Connect Secure, Policy Secure, ZTA Gateway, and Neurons for Secure Access. The issue allows a remote authenticated attacker with admin privileges to trigger a denial of service. Affected versions before the stated fixes ...

4.9CVSS6.9AI score0.00643EPSS
cve
cve
added 2025/09/09 3:22 p.m.31 views

CVE-2025-55145

CVE-2025-55145 describes a missing authorization flaw in Ivanti Connect Secure (ICS), Ivanti Policy Secure, Ivanti ZTA Gateway, and Ivanti Neurons for Secure Access that allows a remote authenticated attacker to hijack existing HTML5 connections. Affected versions include ICS <= 22.7R2.9 and &...

8.9CVSS6.3AI score0.0059EPSS
cve
cve
added 2025/08/12 3:5 p.m.28 views

CVE-2025-5468

CVE-2025-5468 covers Ivanti products (Connect Secure, Policy Secure, ZTA Gateway, Neurons for Secure Access). The root cause is improper handling of symbolic links, enabling a local authenticated attacker to read arbitrary on-disk files. Affected versions include Ivanti Connect Secure before 22.7...

5.5CVSS6.8AI score0.00354EPSS
cve
cve
added 2025/09/09 3:28 p.m.27 views

CVE-2025-55146

Summary: CVE-2025-55146 describes an unchecked return value in Ivanti Connect Secure (before 22.7R2.9) and Ivanti Policy Secure (before 22.7R1.6), Ivanti ZTA Gateway (before 2.8R2.3-723), and Ivanti Neurons for Secure Access (before 22.8R1.4) that enables a remote authenticated attacker with admi...

4.9CVSS6.2AI score0.00744EPSS
cve
cve
added 2025/09/09 3:52 p.m.26 views

CVE-2025-55143

CVE-2025-55143 is a reflected text injection vulnerability affecting Ivanti Connect Secure < 22.7R2.9 or < 22.8R2, Ivanti Policy Secure < 22.7R1.6, Ivanti ZTA Gateway < 2.8R2.3-723, and Ivanti Neurons for Secure Access

6.1CVSS6.8AI score0.00663EPSS
cve
cve
added 2025/09/09 3:17 p.m.26 views

CVE-2025-8711

CVE-2025-8711 describes a cross-site request forgery (CSRF) vulnerability affecting Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723, and Ivanti Neurons for Secure Access before 22.8R1.4. An unauthenticated remote attacke...

5.4CVSS6.7AI score0.00306EPSS
cve
cve
added 2025/09/09 3:49 p.m.25 views

CVE-2025-55142

CVE-2025-55142 describes a missing authorization in Ivanti Connect Secure and related Ivanti products that permits a remote authenticated attacker with read-only admin privileges to configure authentication-related settings. According to multiple sources, the issue affects Ivanti Connect Secure (...

8.8CVSS6.5AI score0.00855EPSS
cve
cve
added 2025/09/09 3:55 p.m.24 views

CVE-2025-55144

CVE-2025-55144 affects Ivanti Connect Secure, Policy Secure, ZTA Gateways, and Neurons for Secure Access. The vulnerability is a missing authorization flaw that lets a remote authenticated attacker with read‑only admin privileges configure restricted settings. Affected versions: Connect Secure &l...

5.4CVSS6.3AI score0.00514EPSS
cve
cve
added 2025/09/09 3:45 p.m.22 views

CVE-2025-55141

The CVE-2025-55141 issue affects Ivanti Connect Secure (before 22.7R2.9 or 22.8R2), Ivanti Policy Secure (before 22.7R1.6), Ivanti ZTA Gateway (before 2.8R2.3-723), and Ivanti Neurons for Secure Access (before 22.8R1.4). Root cause: missing authorization that allows a remote authenticated attacke...

8.8CVSS6.5AI score0.00855EPSS
cve
cve
added 2025/09/09 3:32 p.m.20 views

CVE-2025-55147

CVE-2025-55147 describes a CSRF flaw in Ivanti Connect Secure (before 22.7R2.9/22.8R2), Ivanti Policy Secure (before 22.7R1.6), Ivanti ZTA Gateway (before 2.8R2.3-723), and Ivanti Neurons for Secure Access (before 22.8R1.4). The fix deployed on 02-Aug-2025. The vulnerability allows a remote unaut...

8.8CVSS6.7AI score0.00565EPSS