6.3

CVE-2025-5450

Improper access control in the certificate management component of Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated admin with read-only rights to modify settings that should be restricted.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IvantiConnect Secure Version < 22.7
IvantiConnect Secure Version22.7 Update-
IvantiConnect Secure Version22.7 Updater1
IvantiConnect Secure Version22.7 Updater1.1
IvantiConnect Secure Version22.7 Updater1.2
IvantiConnect Secure Version22.7 Updater1.3
IvantiConnect Secure Version22.7 Updater1.4
IvantiConnect Secure Version22.7 Updater1.5
IvantiConnect Secure Version22.7 Updater2
IvantiConnect Secure Version22.7 Updater2.1
IvantiConnect Secure Version22.7 Updater2.2
IvantiConnect Secure Version22.7 Updater2.3
IvantiConnect Secure Version22.7 Updater2.4
IvantiConnect Secure Version22.7 Updater2.5
IvantiConnect Secure Version22.7 Updater2.6
IvantiConnect Secure Version22.7 Updater2.7
IvantiPolicy Secure Version < 22.7
IvantiPolicy Secure Version22.7 Update-
IvantiPolicy Secure Version22.7 Updater1
IvantiPolicy Secure Version22.7 Updater1.1
IvantiPolicy Secure Version22.7 Updater1.2
IvantiPolicy Secure Version22.7 Updater1.3
IvantiPolicy Secure Version22.7 Updater1.4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.305
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.7 1.2 1.4
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
3c1d8aa1-5a33-4ea4-8992-aadd6440af75 6.3 2.8 3.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE-602 Client-Side Enforcement of Server-Side Security

The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.