Product:

Policy_secure

(Ivanti)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 30
Date Id Summary Products Score Patch Annotated
2020-07-30 CVE-2020-8221 A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface. Connect_secure, Policy_secure, Pulse_connect_secure, Pulse_policy_secure 4.9
2020-07-30 CVE-2020-8222 A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker via the administrator web interface to perform an arbitrary file reading vulnerability through Meeting. Connect_secure, Policy_secure, Pulse_connect_secure, Pulse_policy_secure 6.8
2020-09-30 CVE-2020-8238 A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow attackers to conduct Cross-Site Scripting (XSS). Connect_secure, Policy_secure, Pulse_connect_secure, Pulse_policy_secure 6.1
2020-09-30 CVE-2020-8243 A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution. Connect_secure, Policy_secure, Pulse_connect_secure, Pulse_policy_secure 7.2
2020-10-27 CVE-2020-15352 An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Connect_secure, Policy_secure, Pulse_connect_secure, Pulse_policy_secure 7.2
2020-10-28 CVE-2020-8261 A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection. Connect_secure, Policy_secure, Pulse_connect_secure, Pulse_policy_secure 4.3
2020-10-28 CVE-2020-8262 A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface. Connect_secure, Policy_secure, Pulse_connect_secure, Pulse_policy_secure 6.1
2022-12-05 CVE-2022-35254 An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1. Connect_secure, Neurons_for_zero\-Trust_access, Policy_secure 7.5
2022-12-05 CVE-2022-35258 An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1. Connect_secure, Neurons_for_zero\-Trust_access, Policy_secure 7.5
2024-01-12 CVE-2023-46805 An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks. Connect_secure, Policy_secure 8.2