Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Policy_secure
(Ivanti)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 30 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-07-30 | CVE-2020-8221 | A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface. | Connect_secure, Policy_secure, Pulse_connect_secure, Pulse_policy_secure | 4.9 | ||
2020-07-30 | CVE-2020-8222 | A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker via the administrator web interface to perform an arbitrary file reading vulnerability through Meeting. | Connect_secure, Policy_secure, Pulse_connect_secure, Pulse_policy_secure | 6.8 | ||
2020-09-30 | CVE-2020-8238 | A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow attackers to conduct Cross-Site Scripting (XSS). | Connect_secure, Policy_secure, Pulse_connect_secure, Pulse_policy_secure | 6.1 | ||
2020-09-30 | CVE-2020-8243 | A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution. | Connect_secure, Policy_secure, Pulse_connect_secure, Pulse_policy_secure | 7.2 | ||
2020-10-27 | CVE-2020-15352 | An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | Connect_secure, Policy_secure, Pulse_connect_secure, Pulse_policy_secure | 7.2 | ||
2020-10-28 | CVE-2020-8261 | A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection. | Connect_secure, Policy_secure, Pulse_connect_secure, Pulse_policy_secure | 4.3 | ||
2020-10-28 | CVE-2020-8262 | A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface. | Connect_secure, Policy_secure, Pulse_connect_secure, Pulse_policy_secure | 6.1 | ||
2022-12-05 | CVE-2022-35254 | An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1. | Connect_secure, Neurons_for_zero\-Trust_access, Policy_secure | 7.5 | ||
2022-12-05 | CVE-2022-35258 | An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1. | Connect_secure, Neurons_for_zero\-Trust_access, Policy_secure | 7.5 | ||
2024-01-12 | CVE-2023-46805 | An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks. | Connect_secure, Policy_secure | 8.2 |