Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Policy_secure
(Ivanti)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 55 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-11-13 | CVE-2024-39710 | Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | Connect_secure, Policy_secure | N/A | ||
| 2024-11-13 | CVE-2024-39711 | Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | Connect_secure, Policy_secure | N/A | ||
| 2024-11-13 | CVE-2024-39712 | Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | Connect_secure, Policy_secure | N/A | ||
| 2025-02-21 | CVE-2024-38657 | External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write arbitrary files. | Connect_secure, Policy_secure | 4.9 | ||
| 2025-02-21 | CVE-2024-38657 | External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write arbitrary files. | Connect_secure, Policy_secure | 4.9 | ||
| 2025-07-08 | CVE-2025-0293 | CLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk. | Connect_secure, Policy_secure | 2.7 | ||
| 2024-12-12 | CVE-2024-37377 | A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service. | Connect_secure, Policy_secure | N/A |