Ivanti

Policy Secure

78 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-8712

  • EPSS 0.18%
  • Veröffentlicht 09.09.2025 15:12:38
  • Zuletzt bearbeitet 24.09.2025 19:56:42

Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote ...

5.5

CVE-2025-5468

  • EPSS 0.04%
  • Veröffentlicht 12.08.2025 15:15:31
  • Zuletzt bearbeitet 23.09.2025 18:17:23

Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-...

4.9

CVE-2025-5466

  • EPSS 0.38%
  • Veröffentlicht 12.08.2025 15:15:31
  • Zuletzt bearbeitet 23.09.2025 18:18:59

XEE in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated atta...

7.5

CVE-2025-5462

  • EPSS 0.22%
  • Veröffentlicht 12.08.2025 14:56:19
  • Zuletzt bearbeitet 23.09.2025 18:21:21

A heap-based buffer overflow in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a ...

7.5

CVE-2025-5456

  • EPSS 0.24%
  • Veröffentlicht 12.08.2025 14:50:46
  • Zuletzt bearbeitet 23.09.2025 18:24:58

A buffer over-read vulnerability in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows...

4.9

CVE-2023-39339

  • EPSS 0.64%
  • Veröffentlicht 12.07.2025 03:31:11
  • Zuletzt bearbeitet 17.07.2025 13:41:49

A vulnerability exists on all versions of Ivanti Policy Secure below 22.6R1 where an authenticated administrator can perform an arbitrary file read via a maliciously crafted web request.

4.9

CVE-2025-0292

  • EPSS 0.24%
  • Veröffentlicht 08.07.2025 15:33:24
  • Zuletzt bearbeitet 15.07.2025 12:55:41

SSRF in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to access internal network services.

2.7

CVE-2025-0293

  • EPSS 0.04%
  • Veröffentlicht 08.07.2025 15:33:05
  • Zuletzt bearbeitet 10.07.2025 13:10:48

CLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk.

5.5

CVE-2025-5463

  • EPSS 0.06%
  • Veröffentlicht 08.07.2025 15:15:32
  • Zuletzt bearbeitet 15.07.2025 13:04:57

Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a local authenticated attacker to obtain that information.

4.9

CVE-2025-5451

  • EPSS 0.46%
  • Veröffentlicht 08.07.2025 15:15:31
  • Zuletzt bearbeitet 15.07.2025 13:10:56

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to trigger a denial of service.