Ivanti

Policy Secure

78 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2024-11005

  • EPSS 17.02%
  • Veröffentlicht 12.11.2024 17:15:07
  • Zuletzt bearbeitet 17.01.2025 20:23:26

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote cod...

6.1

CVE-2024-11004

  • EPSS 0.06%
  • Veröffentlicht 12.11.2024 17:15:06
  • Zuletzt bearbeitet 17.01.2025 20:05:17

Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.

8.8

CVE-2024-9420

  • EPSS 29.06%
  • Veröffentlicht 12.11.2024 16:15:26
  • Zuletzt bearbeitet 13.03.2025 16:15:25

A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution

7.5

CVE-2024-8495

  • EPSS 3.03%
  • Veröffentlicht 12.11.2024 16:15:26
  • Zuletzt bearbeitet 17.01.2025 20:04:56

A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service.

4.9

CVE-2024-47909

  • EPSS 0.72%
  • Veröffentlicht 12.11.2024 16:15:23
  • Zuletzt bearbeitet 18.11.2024 15:09:45

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.

7.8

CVE-2024-47906

  • EPSS 0.12%
  • Veröffentlicht 12.11.2024 16:15:22
  • Zuletzt bearbeitet 17.01.2025 20:27:14

Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges.

4.9

CVE-2024-47905

  • EPSS 0.72%
  • Veröffentlicht 12.11.2024 16:15:22
  • Zuletzt bearbeitet 18.11.2024 15:08:47

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.

7.2

CVE-2024-11007

  • EPSS 17.02%
  • Veröffentlicht 12.11.2024 16:15:20
  • Zuletzt bearbeitet 22.11.2024 17:15:07

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote cod...

8.8

CVE-2024-37404

  • EPSS 81.51%
  • Veröffentlicht 18.10.2024 23:15:03
  • Zuletzt bearbeitet 23.09.2025 02:10:06

Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote code execution.

7.5

CVE-2024-29205

  • EPSS 1.57%
  • Veröffentlicht 25.04.2024 06:15:57
  • Zuletzt bearbeitet 21.11.2024 09:07:48

An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a remote unauthenticated attacker to send specially crafted requests in-order-...