Connect Secure

connect_secure

Vendor: Ivanti • 130 CVEs

CVEs (130)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-38656 1Ivanti 2Connect Secure Policy Secure Jun 27, 2025 Nov 13, 2024 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execut...Show more Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution.Show less
CVE-2024-38655 1Ivanti 2Connect Secure Policy Secure Jun 27, 2025 Nov 13, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.1 and 9.1R18.9 allows a remote authenticated attacker with admin privileges to achieve remot...Show more Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.1 and 9.1R18.9 allows a remote authenticated attacker with admin privileges to achieve remote code execution.Show less
CVE-2024-38649 1Ivanti 1Connect Secure Jul 16, 2025 Nov 13, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1(Not Applicable to 9.1Rx) allows a remote unauthenticated attacker to cause a denial of service.
CVE-2024-37400 1Ivanti 1Connect Secure Jun 27, 2025 Nov 13, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An out of bounds read in Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to trigger an infinite loop, causing a denial of service.
CVE-2024-11006 1Ivanti 2Connect Secure Policy Secure Jan 17, 2025 Nov 12, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin pr...Show more Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.Show less
CVE-2024-11005 1Ivanti 2Connect Secure Policy Secure Jan 17, 2025 Nov 12, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin pr...Show more Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.Show less
CVE-2024-11004 1Ivanti 2Connect Secure Policy Secure Jan 17, 2025 Nov 12, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.
CVE-2024-9420 1Ivanti 2Connect Secure Policy Secure Mar 13, 2025 Nov 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution
CVE-2024-8495 1Ivanti 2Connect Secure Policy Secure Jan 17, 2025 Nov 12, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service.
CVE-2024-47909 1Ivanti 2Connect Secure Policy Secure Nov 18, 2024 Nov 12, 2024 N/A· v4 4.9 MEDIUM· v3 N/A· v2 A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.
CVE-2024-47907 1Ivanti 1Connect Secure Nov 18, 2024 Nov 12, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.
CVE-2024-47906 1Ivanti 2Connect Secure Policy Secure Jan 17, 2025 Nov 12, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to e...Show more Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges.Show less
CVE-2024-47905 1Ivanti 2Connect Secure Policy Secure Nov 18, 2024 Nov 12, 2024 N/A· v4 4.9 MEDIUM· v3 N/A· v2 A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.
CVE-2024-11007 1Ivanti 2Connect Secure Policy Secure Nov 22, 2024 Nov 12, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin pr...Show more Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.Show less
CVE-2024-37404 1Ivanti 2Connect Secure Policy Secure Sep 23, 2025 Oct 18, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote code execution.
CVE-2024-21894 1Ivanti 2Connect Secure Policy Secure Nov 21, 2024 Apr 4, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service the...Show more A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In certain conditions this may lead to execution of arbitrary code Show less
CVE-2024-22053 1Ivanti 2Connect Secure Policy Secure Nov 21, 2024 Apr 4, 2024 N/A· v4 8.2 HIGH· v3 N/A· v2 A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service the...Show more A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack or in certain conditions read contents from memory. Show less
CVE-2024-22052 1Ivanti 2Connect Secure Policy Secure Nov 21, 2024 Apr 4, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the...Show more A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack Show less
CVE-2024-22023 1Ivanti 2Connect Secure Policy Secure Nov 21, 2024 Apr 4, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporari...Show more An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporarily cause resource exhaustion thereby resulting in a limited-time DoS. Show less
CVE-2024-22024 1Ivanti 3Connect Secure Policy SecureZero Trust Access Gateway Oct 31, 2025 Feb 13, 2024 N/A· v4 8.3 HIGH· v3 N/A· v2 An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources wi...Show more An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.Show less

Previous 1 234 5 6 7 Next