Ivanti

Policy Secure

78 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
2.7

CVE-2025-5450

  • EPSS 0.16%
  • Veröffentlicht 08.07.2025 15:15:31
  • Zuletzt bearbeitet 15.07.2025 13:23:45

Improper access control in the certificate management component of Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated admin with read-only rights to modify settings that should...

9.8

CVE-2025-22457

Warnung Medienbericht
  • EPSS 71.7%
  • Veröffentlicht 03.04.2025 16:15:35
  • Zuletzt bearbeitet 03.05.2025 01:00:02

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.

4.9

CVE-2024-38657

  • EPSS 0.16%
  • Veröffentlicht 21.02.2025 02:15:28
  • Zuletzt bearbeitet 09.07.2025 14:50:48

External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write arbitrary files.

4.4

CVE-2024-13843

  • EPSS 0.05%
  • Veröffentlicht 11.02.2025 16:15:39
  • Zuletzt bearbeitet 20.02.2025 15:55:03

Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.

4.4

CVE-2024-13842

  • EPSS 0.09%
  • Veröffentlicht 11.02.2025 16:15:39
  • Zuletzt bearbeitet 20.02.2025 15:55:29

A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.

6.1

CVE-2024-13830

  • EPSS 0.05%
  • Veröffentlicht 11.02.2025 16:15:39
  • Zuletzt bearbeitet 13.02.2025 17:09:11

Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.

4.9

CVE-2024-12058

  • EPSS 1.38%
  • Veröffentlicht 11.02.2025 16:15:38
  • Zuletzt bearbeitet 16.07.2025 16:00:23

External control of a file name in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to read arbitrary files.

7.2

CVE-2024-10644

  • EPSS 19.68%
  • Veröffentlicht 11.02.2025 16:15:38
  • Zuletzt bearbeitet 14.07.2025 13:11:26

Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

7

CVE-2025-0283

  • EPSS 0.09%
  • Veröffentlicht 08.01.2025 23:15:09
  • Zuletzt bearbeitet 14.01.2025 15:58:55

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileg...

9

CVE-2025-0282

Warnung Medienbericht Exploit
  • EPSS 93.1%
  • Veröffentlicht 08.01.2025 23:15:09
  • Zuletzt bearbeitet 17.03.2025 19:24:45

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code ...