Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Connect_secure
(Ivanti)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 97 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-02-11 | CVE-2024-13830 | Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required. | Connect_secure, Policy_secure | 6.1 | ||
| 2020-07-30 | CVE-2020-8218 | A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface. | Connect_secure, Policy_secure, Pulse_policy_secure | 7.2 | ||
| 2020-09-30 | CVE-2020-8243 | A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution. | Connect_secure, Policy_secure | 7.2 | ||
| 2020-10-28 | CVE-2020-8260 | A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction. | Connect_secure | 7.2 | ||
| 2021-05-27 | CVE-2021-22894 | A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room. | Connect_secure | 8.8 | ||
| 2021-05-27 | CVE-2021-22899 | A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature | Connect_secure | 8.8 | ||
| 2024-01-12 | CVE-2024-21887 | A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance. | Connect_secure, Policy_secure | 9.1 | ||
| 2021-04-23 | CVE-2021-22893 | Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild. | Connect_secure | 10.0 | ||
| 2021-05-27 | CVE-2021-22900 | A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface. | Connect_secure, Pulse_connect_secure | 7.2 | ||
| 2019-04-26 | CVE-2019-11539 | In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands. | Connect_secure, Pulse_connect_secure, Pulse_policy_secure | 7.2 |