Ivanti

Policy Secure

78 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2024-21894

  • EPSS 11.03%
  • Veröffentlicht 04.04.2024 23:15:15
  • Zuletzt bearbeitet 21.11.2024 08:55:12

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In ...

8.2

CVE-2024-22053

  • EPSS 7.42%
  • Veröffentlicht 04.04.2024 20:15:08
  • Zuletzt bearbeitet 21.11.2024 08:55:28

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack or i...

7.5

CVE-2024-22052

  • EPSS 2.8%
  • Veröffentlicht 04.04.2024 20:15:08
  • Zuletzt bearbeitet 21.11.2024 08:55:28

A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS ...

5.3

CVE-2024-22023

  • EPSS 0.72%
  • Veröffentlicht 04.04.2024 20:15:08
  • Zuletzt bearbeitet 21.11.2024 08:55:25

An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporarily cause resource exhaustion t...

8.3

CVE-2024-22024

  • EPSS 94.31%
  • Veröffentlicht 13.02.2024 04:15:07
  • Zuletzt bearbeitet 09.05.2025 19:15:59

An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.

8.2

CVE-2024-21893

Warnung
  • EPSS 94.32%
  • Veröffentlicht 31.01.2024 18:15:47
  • Zuletzt bearbeitet 29.11.2024 15:16:27

A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.

8.8

CVE-2024-21888

Warnung
  • EPSS 64%
  • Veröffentlicht 31.01.2024 18:15:47
  • Zuletzt bearbeitet 03.06.2025 19:15:37

A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator.

9.1

CVE-2024-21887

Warnung Exploit
  • EPSS 94.42%
  • Veröffentlicht 12.01.2024 17:15:10
  • Zuletzt bearbeitet 12.02.2025 19:55:33

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

8.2

CVE-2023-46805

Warnung Exploit
  • EPSS 94.38%
  • Veröffentlicht 12.01.2024 17:15:09
  • Zuletzt bearbeitet 27.01.2025 21:53:11

An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

7.5

CVE-2022-35258

  • EPSS 0.71%
  • Veröffentlicht 05.12.2022 22:15:10
  • Zuletzt bearbeitet 21.11.2024 07:10:59

An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Iva...