7.5

CVE-2022-35254

An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.

Data is provided by the National Vulnerability Database (NVD)
Ivanti Connect Secure Version < 9.1
Ivanti Connect Secure Version 9.1 Update -
Ivanti Connect Secure Version 9.1 Update r1
Ivanti Connect Secure Version 9.1 Update r1.0
Ivanti Connect Secure Version 9.1 Update r10.0
Ivanti Connect Secure Version 9.1 Update r10.2
Ivanti Connect Secure Version 9.1 Update r11.0
Ivanti Connect Secure Version 9.1 Update r11.1
Ivanti Connect Secure Version 9.1 Update r11.3
Ivanti Connect Secure Version 9.1 Update r11.4
Ivanti Connect Secure Version 9.1 Update r11.5
Ivanti Connect Secure Version 9.1 Update r12
Ivanti Connect Secure Version 9.1 Update r12.1
Ivanti Connect Secure Version 9.1 Update r12.2
Ivanti Connect Secure Version 9.1 Update r13
Ivanti Connect Secure Version 9.1 Update r13.1
Ivanti Connect Secure Version 9.1 Update r14
Ivanti Connect Secure Version 9.1 Update r15
Ivanti Connect Secure Version 9.1 Update r16
Ivanti Connect Secure Version 9.1 Update r16.1
Ivanti Connect Secure Version 9.1 Update r2
Ivanti Connect Secure Version 9.1 Update r2.0
Ivanti Connect Secure Version 9.1 Update r3
Ivanti Connect Secure Version 9.1 Update r3.0
Ivanti Connect Secure Version 9.1 Update r4
Ivanti Connect Secure Version 9.1 Update r4.0
Ivanti Connect Secure Version 9.1 Update r4.1
Ivanti Connect Secure Version 9.1 Update r4.2
Ivanti Connect Secure Version 9.1 Update r4.3
Ivanti Connect Secure Version 9.1 Update r5
Ivanti Connect Secure Version 9.1 Update r5.0
Ivanti Connect Secure Version 9.1 Update r6
Ivanti Connect Secure Version 9.1 Update r6.0
Ivanti Connect Secure Version 9.1 Update r7
Ivanti Connect Secure Version 9.1 Update r7.0
Ivanti Connect Secure Version 9.1 Update r8
Ivanti Connect Secure Version 9.1 Update r8.0
Ivanti Connect Secure Version 9.1 Update r8.1
Ivanti Connect Secure Version 9.1 Update r8.2
Ivanti Connect Secure Version 9.1 Update r8.4
Ivanti Connect Secure Version 9.1 Update r9
Ivanti Connect Secure Version 9.1 Update r9.0
Ivanti Connect Secure Version 9.1 Update r9.1
Ivanti Connect Secure Version 9.1 Update r9.2
Ivanti Connect Secure Version 21.9 Update r1
Ivanti Connect Secure Version 21.12 Update r1
Ivanti Connect Secure Version 22.1 Update r1
Ivanti Connect Secure Version 22.2 Update -
Ivanti Connect Secure Version 22.2 Update r1
Ivanti Neurons for Zero-Trust Access Version 22.2 Update r1
Ivanti Policy Secure Version < 9.1
Ivanti Policy Secure Version 9.1 Update -
Ivanti Policy Secure Version 9.1 Update r1
Ivanti Policy Secure Version 9.1 Update r10
Ivanti Policy Secure Version 9.1 Update r11
Ivanti Policy Secure Version 9.1 Update r12
Ivanti Policy Secure Version 9.1 Update r13
Ivanti Policy Secure Version 9.1 Update r13.1
Ivanti Policy Secure Version 9.1 Update r14
Ivanti Policy Secure Version 9.1 Update r15
Ivanti Policy Secure Version 9.1 Update r16
Ivanti Policy Secure Version 9.1 Update r2
Ivanti Policy Secure Version 9.1 Update r3
Ivanti Policy Secure Version 9.1 Update r3.1
Ivanti Policy Secure Version 9.1 Update r4
Ivanti Policy Secure Version 9.1 Update r4.1
Ivanti Policy Secure Version 9.1 Update r4.2
Ivanti Policy Secure Version 9.1 Update r5
Ivanti Policy Secure Version 9.1 Update r6
Ivanti Policy Secure Version 9.1 Update r7
Ivanti Policy Secure Version 9.1 Update r8
Ivanti Policy Secure Version 9.1 Update r8.1
Ivanti Policy Secure Version 9.1 Update r8.2
Ivanti Policy Secure Version 9.1 Update r9
Ivanti Policy Secure Version 22.1 Update r1
Ivanti Policy Secure Version 22.2 Update r1
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS Metrics
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.71% | 0.714 |
CVSS Metrics
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.