Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Connect_secure
(Ivanti)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 94 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-01-08 | CVE-2025-0282 | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution. | Connect_secure, Neurons_for_zero\-Trust_access, Policy_secure | 9.0 | ||
| 2025-02-11 | CVE-2024-13842 | A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data. | Connect_secure, Policy_secure | 4.4 | ||
| 2025-02-11 | CVE-2024-13843 | Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data. | Connect_secure, Policy_secure | 4.4 | ||
| 2025-02-11 | CVE-2025-22467 | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution. | Connect_secure | 8.8 | ||
| 2025-02-11 | CVE-2024-13830 | Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required. | Connect_secure, Policy_secure | 6.1 | ||
| 2020-07-30 | CVE-2020-8218 | A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface. | Connect_secure, Policy_secure, Pulse_policy_secure | 7.2 | ||
| 2020-09-30 | CVE-2020-8243 | A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution. | Connect_secure, Policy_secure | 7.2 | ||
| 2020-10-28 | CVE-2020-8260 | A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction. | Connect_secure | 7.2 | ||
| 2021-05-27 | CVE-2021-22894 | A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room. | Connect_secure | 8.8 | ||
| 2021-05-27 | CVE-2021-22899 | A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature | Connect_secure | 8.8 |