Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Connect_secure
(Ivanti)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 117 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-07-08 | CVE-2025-5463 | Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a local authenticated attacker to obtain that information. | Connect_secure, Policy_secure | N/A | ||
| 2025-07-08 | CVE-2025-0292 | SSRF in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to access internal network services. | Connect_secure, Policy_secure | 4.9 | ||
| 2025-07-08 | CVE-2025-5464 | Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 allows a local authenticated attacker to obtain that information. | Connect_secure | 5.5 | ||
| 2025-02-11 | CVE-2024-10644 | Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | Connect_secure, Policy_secure | 7.2 | ||
| 2024-11-13 | CVE-2024-39710 | Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | Connect_secure, Policy_secure | N/A | ||
| 2024-11-13 | CVE-2024-39711 | Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | Connect_secure, Policy_secure | N/A | ||
| 2024-11-13 | CVE-2024-39712 | Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | Connect_secure, Policy_secure | N/A | ||
| 2025-02-21 | CVE-2024-38657 | External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write arbitrary files. | Connect_secure, Policy_secure | 4.9 | ||
| 2025-02-21 | CVE-2024-38657 | External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write arbitrary files. | Connect_secure, Policy_secure | 4.9 | ||
| 2025-07-08 | CVE-2025-0293 | CLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk. | Connect_secure, Policy_secure | 2.7 |