Ivanti: >> Connect Secure >> 22.6 Security Vulnerabilities
CVE-2024-21887
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
Known exploited
CVSS Score
9.1
EPSS Score
0.944
Published
2024-01-12
CVE-2023-46805
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
Known exploited
CVSS Score
8.2
EPSS Score
0.944
Published
2024-01-12
A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the appliance.
CVSS Score
7.5
EPSS Score
0.004
Published
2023-12-16
A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution.
CVSS Score
7.2
EPSS Score
0.031
Published
2023-12-14
A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance can escalate their privileges by exploiting a vulnerable installed application. This vulnerability allows the attacker to gain elevated execution privileges on the affected system.
CVSS Score
7.0
EPSS Score
0.001
Published
2023-12-14
Page 7