Shodan
Vulnerabilities
Vulnerable Software
Ivanti:  Security Vulnerabilities
CVE-2025-22454
Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.
CVSS Score
7.8
EPSS Score
0.001
Published
2025-03-11
CVE-2024-38657
External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write arbitrary files.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-02-21
CVE-2025-22467
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution.
CVSS Score
9.9
EPSS Score
0.313
Published
2025-02-11
CVE-2024-47908
OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVSS Score
9.1
EPSS Score
0.073
Published
2025-02-11
CVE-2024-13813
Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files.
CVSS Score
7.1
EPSS Score
0.001
Published
2025-02-11
CVE-2024-13830
Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-02-11
CVE-2024-13842
A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.
CVSS Score
6.0
EPSS Score
0.001
Published
2025-02-11
CVE-2024-13843
Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.
CVSS Score
6.0
EPSS Score
0.0
Published
2025-02-11
CVE-2024-10644
Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVSS Score
9.1
EPSS Score
0.082
Published
2025-02-11
CVE-2024-11771
Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality.
CVSS Score
5.3
EPSS Score
0.015
Published
2025-02-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved