Ivanti: >> Connect Secure >> 22.1 Security Vulnerabilities
Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVSS Score
9.1
EPSS Score
0.116
Published
2025-02-11
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges.
CVSS Score
7.0
EPSS Score
0.001
Published
2025-01-08
A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.
CVSS Score
7.5
EPSS Score
0.007
Published
2024-12-12
Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker to bypass restrictions.
CVSS Score
7.1
EPSS Score
0.028
Published
2024-12-10
Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution
CVSS Score
9.1
EPSS Score
0.172
Published
2024-12-10
Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. (Not applicable to 9.1Rx)
CVSS Score
9.1
EPSS Score
0.139
Published
2024-12-10
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVSS Score
9.1
EPSS Score
0.085
Published
2024-11-13
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVSS Score
9.1
EPSS Score
0.085
Published
2024-11-13
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVSS Score
9.1
EPSS Score
0.085
Published
2024-11-13
An out of bounds read in Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to trigger an infinite loop, causing a denial of service.
CVSS Score
7.5
EPSS Score
0.047
Published
2024-11-13