Connect Secure

connect_secure

Vendor: Ivanti • 130 CVEs

CVEs (130)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-21893 1Ivanti 3Connect Secure Neurons For Zero Trust AccessPolicy Secure Oct 30, 2025 Jan 31, 2024 N/A· v4 8.2 HIGH· v3 N/A· v2 A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resou...Show more A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.Show less
CVE-2024-21888 1Ivanti 2Connect Secure Policy Secure Jun 3, 2025 Jan 31, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator.
CVE-2024-21887 1Ivanti 2Connect Secure Policy Secure Oct 31, 2025 Jan 12, 2024 N/A· v4 9.1 CRITICAL· v3 N/A· v2 A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrar...Show more A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.Show less
CVE-2023-46805 1Ivanti 2Connect Secure Policy Secure Oct 31, 2025 Jan 12, 2024 N/A· v4 8.2 HIGH· v3 N/A· v2 An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
CVE-2023-39340 1Ivanti 1Connect Secure Nov 21, 2024 Dec 16, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the appliance.
CVE-2023-41720 1Ivanti 1Connect Secure Nov 21, 2024 Dec 14, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance can escalate their privileges by exploiting a vulnerable installe...Show more A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance can escalate their privileges by exploiting a vulnerable installed application. This vulnerability allows the attacker to gain elevated execution privileges on the affected system.Show less
CVE-2023-41719 1Ivanti 1Connect Secure Nov 21, 2024 Dec 14, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution.
CVE-2022-35258 1Ivanti 3Connect Secure Neurons For Zero Trust AccessPolicy Secure Nov 21, 2024 Dec 5, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior...Show more An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.Show less
CVE-2022-35254 1Ivanti 3Connect Secure Neurons For Zero Trust AccessPolicy Secure Apr 24, 2025 Dec 5, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior...Show more An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.Show less
CVE-2022-21826 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure Nov 21, 2024 Sep 30, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the...Show more Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP request sent down that connection, this means when someone loads website attacker may be able to make browser issue a POST to the application, enabling XSS.Show less
CVE-2021-44720 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure Nov 21, 2024 Aug 12, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance > Push Configuration > Targets > Target Name" targets.cgi screen. A read-o...Show more In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance > Push Configuration > Targets > Target Name" targets.cgi screen. A read-only administrative user can escalate to a read-write administrative role.Show less
CVE-2021-22965 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure Nov 21, 2024 Nov 19, 2021 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an unauthenticated administrator to causes a denial of service when a malformed request is sent to the device.
CVE-2021-22938 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure Nov 21, 2024 Aug 16, 2021 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console.
CVE-2021-22937 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure Nov 21, 2024 Aug 16, 2021 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface.
CVE-2021-22936 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure Nov 21, 2024 Aug 16, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter.
CVE-2021-22935 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure Nov 21, 2024 Aug 16, 2021 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter.
CVE-2021-22934 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure Nov 21, 2024 Aug 16, 2021 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflow via a malicious cr...Show more A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflow via a malicious crafted web request.Show less
CVE-2021-22933 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure Nov 21, 2024 Aug 16, 2021 N/A· v4 6.5 MEDIUM· v3 5.5 MEDIUM· v2 A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request.
CVE-2021-22908 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure Nov 21, 2024 May 27, 2021 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user. As of version 9.1R3, thi...Show more A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user. As of version 9.1R3, this permission is not enabled by default.Show less
CVE-2021-22900 2Ivanti Pulsesecure 2Connect Secure Pulse Connect Secure Dec 18, 2025 May 27, 2021 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the admi...Show more A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.Show less

Previous 1 2 345 6 7 Next