Ivanti

Connect Secure

132 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

  • EPSS 0.72%
  • Published 12.11.2024 16:15:22
  • Last modified 18.11.2024 15:08:47

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.

  • EPSS 0.12%
  • Published 12.11.2024 16:15:22
  • Last modified 17.01.2025 20:27:14

Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges.

  • EPSS 0.67%
  • Published 12.11.2024 16:15:22
  • Last modified 18.11.2024 15:09:30

A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.

  • EPSS 17.02%
  • Published 12.11.2024 16:15:20
  • Last modified 22.11.2024 17:15:07

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote cod...

  • EPSS 81.51%
  • Published 18.10.2024 23:15:03
  • Last modified 23.09.2025 02:10:06

Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote code execution.

  • EPSS 0.5%
  • Published 31.05.2024 18:15:09
  • Last modified 27.03.2025 21:15:42

A CRLF Injection vulnerability in Ivanti Connect Secure (9.x, 22.x) allows an authenticated high-privileged user to inject malicious code on a victim’s browser, thereby leading to cross-site scripting attack.

  • EPSS 1.57%
  • Published 25.04.2024 06:15:57
  • Last modified 21.11.2024 09:07:48

An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a remote unauthenticated attacker to send specially crafted requests in-order-...

  • EPSS 11.03%
  • Published 04.04.2024 23:15:15
  • Last modified 21.11.2024 08:55:12

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In ...

  • EPSS 0.72%
  • Published 04.04.2024 20:15:08
  • Last modified 21.11.2024 08:55:25

An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporarily cause resource exhaustion t...

  • EPSS 2.8%
  • Published 04.04.2024 20:15:08
  • Last modified 21.11.2024 08:55:28

A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS ...