Ivanti

Connect Secure

132 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

  • EPSS 7.42%
  • Published 04.04.2024 20:15:08
  • Last modified 21.11.2024 08:55:28

A heap overflow vulnerability in the IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in order to crash the service thereby causing a DoS attack or i...

  • EPSS 94.31%
  • Published 13.02.2024 04:15:07
  • Last modified 09.05.2025 19:15:59

An XML external entity (XXE) vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways allows an attacker to access certain restricted resources without authentication.

Warning
  • EPSS 64%
  • Published 31.01.2024 18:15:47
  • Last modified 03.06.2025 19:15:37

A privilege escalation vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator.

Warning
  • EPSS 94.32%
  • Published 31.01.2024 18:15:47
  • Last modified 29.11.2024 15:16:27

A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.

Warning Exploit
  • EPSS 94.42%
  • Published 12.01.2024 17:15:10
  • Last modified 12.02.2025 19:55:33

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

Warning Exploit
  • EPSS 94.38%
  • Published 12.01.2024 17:15:09
  • Last modified 27.01.2025 21:53:11

An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

  • EPSS 0.39%
  • Published 16.12.2023 02:15:07
  • Last modified 21.11.2024 08:15:11

A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the appliance.

  • EPSS 3.15%
  • Published 14.12.2023 02:15:12
  • Last modified 21.11.2024 08:21:32

A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution.

  • EPSS 0.13%
  • Published 14.12.2023 02:15:12
  • Last modified 21.11.2024 08:21:32

A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance can escalate their privileges by exploiting a vulnerable installed application. This vulnerabil...

  • EPSS 0.71%
  • Published 05.12.2022 22:15:10
  • Last modified 24.04.2025 15:15:47

An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Iva...