Ivanti

Policy Secure

78 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2024-37401

  • EPSS 3.31%
  • Published 12.12.2024 01:55:20
  • Last modified 02.07.2025 20:07:12

An out-of-bounds read in IPsec of Ivanti Connect Secure before version 22.7R2.1 allows a remote unauthenticated attacker to cause a denial of service.

7.5

CVE-2024-37377

  • EPSS 0.74%
  • Published 12.12.2024 01:55:19
  • Last modified 02.07.2025 20:26:04

A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.

7.2

CVE-2024-11634

  • EPSS 14.51%
  • Published 10.12.2024 19:15:19
  • Last modified 17.01.2025 19:32:48

Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. (Not applicable to 9.1Rx)

9.1

CVE-2024-39712

  • EPSS 8.53%
  • Published 13.11.2024 02:15:19
  • Last modified 11.07.2025 13:53:42

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1

CVE-2024-39711

  • EPSS 8.53%
  • Published 13.11.2024 02:15:19
  • Last modified 11.07.2025 13:53:54

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1

CVE-2024-39710

  • EPSS 8.53%
  • Published 13.11.2024 02:15:19
  • Last modified 11.07.2025 13:54:06

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

7.2

CVE-2024-38655

  • EPSS 14.43%
  • Published 13.11.2024 02:15:18
  • Last modified 27.06.2025 18:43:22

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.1 and 9.1R18.9 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

7.8

CVE-2024-39709

  • EPSS 0.1%
  • Published 13.11.2024 02:15:18
  • Last modified 16.07.2025 00:32:01

Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1 (Not Applicable to 9.1Rx) allow a local authenticated attacker to escalate their privileges.

9.1

CVE-2024-38656

  • EPSS 6.47%
  • Published 13.11.2024 02:15:18
  • Last modified 27.06.2025 18:42:28

Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

7.2

CVE-2024-11006

  • EPSS 17.02%
  • Published 12.11.2024 17:15:07
  • Last modified 17.01.2025 20:23:23

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote cod...