CVEs (130)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
Improper access control in the certificate management component of Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated admin with read-only rights...Show more |
1Ivanti 3Connect Secure Policy SecureZero Trust Access GatewayOct 24, 2025 Apr 3, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to ac...Show more |
1Ivanti 2Connect Secure Policy SecureJul 9, 2025 Feb 21, 2025 N/A· v4 4.9 MEDIUM· v3 N/A· v2 External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write arbitrary files. |
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution. |
1Ivanti 2Connect Secure Policy SecureFeb 20, 2025 Feb 11, 2025 N/A· v4 4.4 MEDIUM· v3 N/A· v2 Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data. |
1Ivanti 2Connect Secure Policy SecureFeb 20, 2025 Feb 11, 2025 N/A· v4 4.4 MEDIUM· v3 N/A· v2 A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data. |
1Ivanti 2Connect Secure Policy SecureFeb 13, 2025 Feb 11, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required. |
1Ivanti 2Connect Secure Policy SecureJul 16, 2025 Feb 11, 2025 N/A· v4 4.9 MEDIUM· v3 N/A· v2 External control of a file name in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to read arbitrary files. |
Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution. |
1Ivanti 3Connect Secure Neurons For Zero Trust AccessPolicy SecureJan 14, 2025 Jan 8, 2025 N/A· v4 7.0 HIGH· v3 N/A· v2 A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attac...Show more |
1Ivanti 3Connect Secure Neurons For Zero Trust AccessPolicy SecureOct 24, 2025 Jan 8, 2025 N/A· v4 9.0 CRITICAL· v3 N/A· v2 A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated at...Show more |
An out-of-bounds read in IPsec of Ivanti Connect Secure before version 22.7R2.1 allows a remote unauthenticated attacker to cause a denial of service. |
A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service. |
Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker to bypass restrictions. |
Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. (Not appl...Show more |
Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution |
1Ivanti 2Connect Secure Policy SecureJul 11, 2025 Nov 13, 2024 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execut...Show more |
1Ivanti 2Connect Secure Policy SecureJul 11, 2025 Nov 13, 2024 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execu...Show more |
1Ivanti 2Connect Secure Policy SecureJul 11, 2025 Nov 13, 2024 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execut...Show more |
Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1 (Not Applicable to 9.1Rx) allow a local authenticated attacker to escalat...Show more |