Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Policy_secure
(Ivanti)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 55 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-07-08 | CVE-2025-0293 | CLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk. | Connect_secure, Policy_secure | 2.7 | ||
| 2024-12-12 | CVE-2024-37377 | A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service. | Connect_secure, Policy_secure | N/A | ||
| 2024-12-12 | CVE-2024-37401 | An out-of-bounds read in IPsec of Ivanti Connect Secure before version 22.7R2.1 allows a remote unauthenticated attacker to cause a denial of service. | Connect_secure, Policy_secure | N/A | ||
| 2024-11-13 | CVE-2024-38655 | Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.1 and 9.1R18.9 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | Connect_secure, Policy_secure | 7.2 | ||
| 2024-11-13 | CVE-2024-38656 | Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | Connect_secure, Policy_secure | N/A | ||
| 2024-01-31 | CVE-2024-21888 | A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator. | Connect_secure, Policy_secure | 8.8 | ||
| 2024-02-13 | CVE-2024-22024 | An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication. | Connect_secure, Policy_secure, Zero_trust_access | 8.3 | ||
| 2024-02-13 | CVE-2024-22024 | An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication. | Connect_secure, Policy_secure, Zero_trust_access | 8.3 | ||
| 2024-02-13 | CVE-2024-22024 | An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication. | Connect_secure, Policy_secure, Zero_trust_access | 8.3 | ||
| 2025-04-03 | CVE-2025-22457 | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution. | Connect_secure, Neurons_for_zero\-Trust_access, Policy_secure | 9.8 |