Note: This project will be discontinued after December 13, 2021.
Product: Policy_secure (Ivanti)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 42 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2024-11-12 | CVE-2024-8495 | A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service. | Connect_secure, Policy_secure | 7.5 | ||
2024-11-12 | CVE-2024-11004 | Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required. | Connect_secure, Policy_secure | 6.1 | ||
2024-11-12 | CVE-2024-11005 | Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution. | Connect_secure, Policy_secure | 7.2 | ||
2024-11-12 | CVE-2024-11006 | Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution. | Connect_secure, Policy_secure | 7.2 | ||
2024-12-10 | CVE-2024-11634 | Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. (Not applicable to 9.1Rx) | Connect_secure, Policy_secure | 7.2 | ||
2025-01-08 | CVE-2025-0283 | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges. | Connect_secure, Neurons_for_zero\-Trust_access, Policy_secure | 7.0 | ||
2024-01-31 | CVE-2024-21893 | A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication. | Connect_secure, Neurons_for_zero\-Trust_access, Policy_secure | 8.2 | ||
2020-07-27 | CVE-2020-12880 | An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available and can be retrieved. (The source code is otherwise inaccessible because the appliance has its hard disks encrypted, and no root shell is available during normal operation.) | Connect_secure, Policy_secure, Pulse_connect_secure, Pulse_policy_secure | 5.5 | ||
2020-07-30 | CVE-2020-8204 | A cross-site scripting (XSS) vulnerability exists in Pulse Connect Secure <9.1R5 on the PSAL Page. | Connect_secure, Policy_secure, Pulse_connect_secure, Pulse_policy_secure | 6.1 | ||
2020-07-30 | CVE-2020-8206 | An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a user's primary credentials to bypass the Google TOTP. | Connect_secure, Policy_secure, Pulse_connect_secure, Pulse_policy_secure | 8.1 | ||