Ivanti

Connect Secure

132 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-8712

  • EPSS 0.18%
  • Published 09.09.2025 15:12:38
  • Last modified 24.09.2025 19:56:42

Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote ...

4.9

CVE-2025-5466

  • EPSS 0.38%
  • Published 12.08.2025 15:15:31
  • Last modified 23.09.2025 18:18:59

XEE in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated atta...

5.5

CVE-2025-5468

  • EPSS 0.04%
  • Published 12.08.2025 15:15:31
  • Last modified 23.09.2025 18:17:23

Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-...

7.5

CVE-2025-5462

  • EPSS 0.22%
  • Published 12.08.2025 14:56:19
  • Last modified 23.09.2025 18:21:21

A heap-based buffer overflow in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a ...

7.5

CVE-2025-5456

  • EPSS 0.24%
  • Published 12.08.2025 14:50:46
  • Last modified 23.09.2025 18:24:58

A buffer over-read vulnerability in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows...

4.9

CVE-2025-0292

  • EPSS 0.24%
  • Published 08.07.2025 15:33:24
  • Last modified 15.07.2025 12:55:41

SSRF in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to access internal network services.

2.7

CVE-2025-0293

  • EPSS 0.04%
  • Published 08.07.2025 15:33:05
  • Last modified 10.07.2025 13:10:48

CLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk.

5.5

CVE-2025-5464

  • EPSS 0.04%
  • Published 08.07.2025 15:32:32
  • Last modified 15.07.2025 12:45:15

Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 allows a local authenticated attacker to obtain that information.

5.5

CVE-2025-5463

  • EPSS 0.06%
  • Published 08.07.2025 15:15:32
  • Last modified 15.07.2025 13:04:57

Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a local authenticated attacker to obtain that information.

2.7

CVE-2025-5450

  • EPSS 0.16%
  • Published 08.07.2025 15:15:31
  • Last modified 15.07.2025 13:23:45

Improper access control in the certificate management component of Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated admin with read-only rights to modify settings that should...