Note: This project will be discontinued after December 13, 2021.

Product: Policy_secure (Ivanti)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 63 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-07-30 | CVE-2020-8218 | A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to craft a URI to perform arbitrary code execution via the admin web interface. | Connect_secure, Policy_secure, Pulse_policy_secure | 7.2 | ||
2025-07-12 | CVE-2023-39339 | A vulnerability exists on all versions of Ivanti Policy Secure below 22.6R1 where an authenticated administrator can perform an arbitrary file read via a maliciously crafted web request. | Policy_secure | N/A | ||
2025-02-11 | CVE-2024-12058 | External control of a file name in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to read arbitrary files. | Connect_secure, Policy_secure | 4.9 | ||
2024-11-13 | CVE-2024-39709 | Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1 (Not Applicable to 9.1Rx) allow a local authenticated attacker to escalate their privileges. | Connect_secure, Policy_secure | N/A | ||
2025-07-08 | CVE-2025-5450 | Improper access control in the certificate management component of Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated admin with read-only rights to modify settings that should be restricted. | Connect_secure, Policy_secure | 2.7 | ||
2025-07-08 | CVE-2025-5451 | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to trigger a denial of service. | Connect_secure, Policy_secure | N/A | ||
2025-07-08 | CVE-2025-5463 | Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a local authenticated attacker to obtain that information. | Connect_secure, Policy_secure | N/A | ||
2025-07-08 | CVE-2025-0292 | SSRF in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to access internal network services. | Connect_secure, Policy_secure | 4.9 | ||
2025-02-11 | CVE-2024-10644 | Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | Connect_secure, Policy_secure | 7.2 | ||
2024-11-13 | CVE-2024-39710 | Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | Connect_secure, Policy_secure | N/A |