Ivanti

Connect Secure

132 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7

CVE-2025-0283

  • EPSS 0.09%
  • Veröffentlicht 08.01.2025 23:15:09
  • Zuletzt bearbeitet 14.01.2025 15:58:55

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileg...

7.5

CVE-2024-37401

  • EPSS 3.31%
  • Veröffentlicht 12.12.2024 01:55:20
  • Zuletzt bearbeitet 02.07.2025 20:07:12

An out-of-bounds read in IPsec of Ivanti Connect Secure before version 22.7R2.1 allows a remote unauthenticated attacker to cause a denial of service.

7.5

CVE-2024-37377

  • EPSS 0.74%
  • Veröffentlicht 12.12.2024 01:55:19
  • Zuletzt bearbeitet 02.07.2025 20:26:04

A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.

8.8

CVE-2024-9844

  • EPSS 2.98%
  • Veröffentlicht 10.12.2024 19:15:31
  • Zuletzt bearbeitet 17.01.2025 19:37:13

Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker to bypass restrictions.

7.2

CVE-2024-11633

  • EPSS 17.93%
  • Veröffentlicht 10.12.2024 19:15:19
  • Zuletzt bearbeitet 17.01.2025 19:35:05

Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution

7.2

CVE-2024-11634

  • EPSS 14.51%
  • Veröffentlicht 10.12.2024 19:15:19
  • Zuletzt bearbeitet 17.01.2025 19:32:48

Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. (Not applicable to 9.1Rx)

9.1

CVE-2024-39710

  • EPSS 8.53%
  • Veröffentlicht 13.11.2024 02:15:19
  • Zuletzt bearbeitet 11.07.2025 13:54:06

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1

CVE-2024-39711

  • EPSS 8.53%
  • Veröffentlicht 13.11.2024 02:15:19
  • Zuletzt bearbeitet 11.07.2025 13:53:54

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1

CVE-2024-39712

  • EPSS 8.53%
  • Veröffentlicht 13.11.2024 02:15:19
  • Zuletzt bearbeitet 11.07.2025 13:53:42

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

7.5

CVE-2024-37400

  • EPSS 4.66%
  • Veröffentlicht 13.11.2024 02:15:18
  • Zuletzt bearbeitet 27.06.2025 18:46:03

An out of bounds read in Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to trigger an infinite loop, causing a denial of service.