Ivanti

Connect Secure

132 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.9

CVE-2025-5451

  • EPSS 0.56%
  • Veröffentlicht 08.07.2025 15:15:31
  • Zuletzt bearbeitet 15.07.2025 13:10:56

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to trigger a denial of service.

9.8

CVE-2025-22457

Warnung Medienbericht
  • EPSS 73.53%
  • Veröffentlicht 03.04.2025 16:15:35
  • Zuletzt bearbeitet 24.10.2025 14:29:56

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.

4.9

CVE-2024-38657

  • EPSS 0.18%
  • Veröffentlicht 21.02.2025 02:15:28
  • Zuletzt bearbeitet 09.07.2025 14:50:48

External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write arbitrary files.

8.8

CVE-2025-22467

  • EPSS 53.25%
  • Veröffentlicht 11.02.2025 16:15:50
  • Zuletzt bearbeitet 20.02.2025 15:53:06

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution.

6.1

CVE-2024-13830

  • EPSS 0.06%
  • Veröffentlicht 11.02.2025 16:15:39
  • Zuletzt bearbeitet 13.02.2025 17:09:11

Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.

4.4

CVE-2024-13842

  • EPSS 0.15%
  • Veröffentlicht 11.02.2025 16:15:39
  • Zuletzt bearbeitet 20.02.2025 15:55:29

A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.

4.4

CVE-2024-13843

  • EPSS 0.09%
  • Veröffentlicht 11.02.2025 16:15:39
  • Zuletzt bearbeitet 20.02.2025 15:55:03

Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.

7.2

CVE-2024-10644

  • EPSS 24.66%
  • Veröffentlicht 11.02.2025 16:15:38
  • Zuletzt bearbeitet 14.07.2025 13:11:26

Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

4.9

CVE-2024-12058

  • EPSS 1.69%
  • Veröffentlicht 11.02.2025 16:15:38
  • Zuletzt bearbeitet 16.07.2025 16:00:23

External control of a file name in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to read arbitrary files.

9

CVE-2025-0282

Warnung Medienbericht Exploit
  • EPSS 94.11%
  • Veröffentlicht 08.01.2025 23:15:09
  • Zuletzt bearbeitet 24.10.2025 13:54:58

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code ...