Ivanti

Connect Secure

132 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2024-38649

  • EPSS 6.2%
  • Veröffentlicht 13.11.2024 02:15:18
  • Zuletzt bearbeitet 16.07.2025 00:27:56

An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1(Not Applicable to 9.1Rx) allows a remote unauthenticated attacker to cause a denial of service.

7.2

CVE-2024-38655

  • EPSS 14.43%
  • Veröffentlicht 13.11.2024 02:15:18
  • Zuletzt bearbeitet 27.06.2025 18:43:22

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.1 and 9.1R18.9 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1

CVE-2024-38656

  • EPSS 6.47%
  • Veröffentlicht 13.11.2024 02:15:18
  • Zuletzt bearbeitet 27.06.2025 18:42:28

Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

7.8

CVE-2024-39709

  • EPSS 0.1%
  • Veröffentlicht 13.11.2024 02:15:18
  • Zuletzt bearbeitet 16.07.2025 00:32:01

Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1 (Not Applicable to 9.1Rx) allow a local authenticated attacker to escalate their privileges.

7.2

CVE-2024-11005

  • EPSS 17.02%
  • Veröffentlicht 12.11.2024 17:15:07
  • Zuletzt bearbeitet 17.01.2025 20:23:26

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote cod...

7.2

CVE-2024-11006

  • EPSS 17.02%
  • Veröffentlicht 12.11.2024 17:15:07
  • Zuletzt bearbeitet 17.01.2025 20:23:23

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote cod...

6.1

CVE-2024-11004

  • EPSS 0.06%
  • Veröffentlicht 12.11.2024 17:15:06
  • Zuletzt bearbeitet 17.01.2025 20:05:17

Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.

7.5

CVE-2024-8495

  • EPSS 3.03%
  • Veröffentlicht 12.11.2024 16:15:26
  • Zuletzt bearbeitet 17.01.2025 20:04:56

A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service.

8.8

CVE-2024-9420

  • EPSS 29.06%
  • Veröffentlicht 12.11.2024 16:15:26
  • Zuletzt bearbeitet 13.03.2025 16:15:25

A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution

4.9

CVE-2024-47909

  • EPSS 0.72%
  • Veröffentlicht 12.11.2024 16:15:23
  • Zuletzt bearbeitet 18.11.2024 15:09:45

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.