Policy Secure

policy_secure

Vendor: Ivanti • 77 CVEs

CVEs (77)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-8712 1Ivanti 4Connect Secure Neurons For Secure AccessPolicy Secure+1 more Sep 24, 2025 Sep 9, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on...Show more Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure restricted settings.Show less
CVE-2025-8711 1Ivanti 4Connect Secure Neurons For Secure AccessPolicy Secure+1 more Sep 24, 2025 Sep 9, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allo...Show more CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to execute limited actions on behalf of the victim user. User interaction is required.Show less
CVE-2025-55148 1Ivanti 4Connect Secure Neurons For Secure AccessPolicy Secure+1 more Sep 24, 2025 Sep 9, 2025 N/A· v4 7.6 HIGH· v3 N/A· v2 Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on...Show more Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure restricted settings.Show less
CVE-2025-55147 1Ivanti 4Connect Secure Neurons For Secure AccessPolicy Secure+1 more Sep 24, 2025 Sep 9, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allo...Show more CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to execute sensitive actions on behalf of the victim user. User interaction is requiredShow less
CVE-2025-55146 1Ivanti 4Connect Secure Neurons For Secure AccessPolicy Secure+1 more Sep 24, 2025 Sep 9, 2025 N/A· v4 4.9 MEDIUM· v3 N/A· v2 An unchecked return value in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed...Show more An unchecked return value in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to trigger a denial of service.Show less
CVE-2025-55145 1Ivanti 4Connect Secure Neurons For Secure AccessPolicy Secure+1 more Sep 24, 2025 Sep 9, 2025 N/A· v4 8.9 HIGH· v3 N/A· v2 Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on...Show more Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker to hijack existing HTML5 connections.Show less
CVE-2025-55144 1Ivanti 4Connect Secure Neurons For Secure AccessPolicy Secure+1 more Sep 24, 2025 Sep 9, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on...Show more Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure restricted settings.Show less
CVE-2025-55143 1Ivanti 4Connect Secure Neurons For Secure AccessPolicy Secure+1 more Sep 24, 2025 Sep 9, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Reflected text injection in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed...Show more Reflected text injection in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to inject arbitrary text into a crafted HTTP response. User interaction is required.Show less
CVE-2025-55142 1Ivanti 4Connect Secure Neurons For Secure AccessPolicy Secure+1 more Sep 24, 2025 Sep 9, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on...Show more Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure authentication related settings.Show less
CVE-2025-55141 1Ivanti 4Connect Secure Neurons For Secure AccessPolicy Secure+1 more Sep 24, 2025 Sep 9, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on...Show more Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure authentication related settings.Show less
CVE-2025-55139 1Ivanti 4Connect Secure Neurons For Secure AccessPolicy Secure+1 more Sep 24, 2025 Sep 9, 2025 N/A· v4 6.8 MEDIUM· v3 N/A· v2 SSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allo...Show more SSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to enumerate internal services.Show less
CVE-2025-5468 1Ivanti 4Connect Secure Neurons For Secure AccessPolicy Secure+1 more Sep 23, 2025 Aug 12, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22....Show more Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a local authenticated attacker to read arbitrary files on disk.Show less
CVE-2025-5466 1Ivanti 4Connect Secure Neurons For Secure AccessPolicy Secure+1 more Sep 23, 2025 Aug 12, 2025 N/A· v4 4.9 MEDIUM· v3 N/A· v2 XEE in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allo...Show more XEE in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to trigger a denial of serviceShow less
CVE-2025-5462 1Ivanti 4Connect Secure Neurons For Secure AccessPolicy Secure+1 more Sep 23, 2025 Aug 12, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 A heap-based buffer overflow in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix depl...Show more A heap-based buffer overflow in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to trigger a denial of service.Show less
CVE-2025-5456 1Ivanti 4Connect Secure Neurons For Secure AccessPolicy Secure+1 more Sep 23, 2025 Aug 12, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 A buffer over-read vulnerability in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix d...Show more A buffer over-read vulnerability in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to trigger a denial of service. CWE-125Show less
CVE-2023-39339 1Ivanti 1Policy Secure Jul 17, 2025 Jul 12, 2025 N/A· v4 4.9 MEDIUM· v3 N/A· v2 A vulnerability exists on all versions of Ivanti Policy Secure below 22.6R1 where an authenticated administrator can perform an arbitrary file read via a maliciously crafted web request.
CVE-2025-0293 1Ivanti 2Connect Secure Policy Secure Jul 10, 2025 Jul 8, 2025 N/A· v4 2.7 LOW· v3 N/A· v2 CLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk...Show more CLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk.Show less
CVE-2025-0292 1Ivanti 2Connect Secure Policy Secure Jul 15, 2025 Jul 8, 2025 N/A· v4 4.9 MEDIUM· v3 N/A· v2 SSRF in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to access internal network services.
CVE-2025-5463 1Ivanti 2Connect Secure Policy Secure Jul 15, 2025 Jul 8, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a local authenticated attacker to obtain that information.
CVE-2025-5451 1Ivanti 2Connect Secure Policy Secure Jul 15, 2025 Jul 8, 2025 N/A· v4 4.9 MEDIUM· v3 N/A· v2 A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to trigger a denial of service.

12 3 4 Next