Shodan
Vulnerabilities
Vulnerable Software
Ivanti:  >> Connect Secure  >> 22.4  Security Vulnerabilities
CVE-2025-5464
Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 allows a local authenticated attacker to obtain that information.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-07-08
CVE-2025-0293
CLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk.
CVSS Score
6.6
EPSS Score
0.001
Published
2025-07-08
CVE-2025-0292
SSRF in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to access internal network services.
CVSS Score
5.5
EPSS Score
0.001
Published
2025-07-08
CVE-2025-5463
Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a local authenticated attacker to obtain that information.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-07-08
CVE-2025-5450
Improper access control in the certificate management component of Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated admin with read-only rights to modify settings that should be restricted.
CVSS Score
6.3
EPSS Score
0.001
Published
2025-07-08
CVE-2024-38657
External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write arbitrary files.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-02-21
CVE-2025-22467
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution.
CVSS Score
9.9
EPSS Score
0.509
Published
2025-02-11
CVE-2024-13830
Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-02-11
CVE-2024-13842
A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.
CVSS Score
6.0
EPSS Score
0.001
Published
2025-02-11
CVE-2024-13843
Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.
CVSS Score
6.0
EPSS Score
0.0
Published
2025-02-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved