Shodan
Vulnerabilities
Vulnerable Software
Ivanti:  >> Connect Secure  >> 22.2  Security Vulnerabilities
CVE-2025-22457
Known exploited
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.
CVSS Score
9.0
EPSS Score
0.102
Published
2025-04-03
CVE-2025-22467
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution.
CVSS Score
9.9
EPSS Score
0.069
Published
2025-02-11
CVE-2024-13830
Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.
CVSS Score
6.1
EPSS Score
0.001
Published
2025-02-11
CVE-2024-13842
A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.
CVSS Score
6.0
EPSS Score
0.0
Published
2025-02-11
CVE-2024-13843
Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.
CVSS Score
6.0
EPSS Score
0.0
Published
2025-02-11
CVE-2025-0283
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges.
CVSS Score
7.0
EPSS Score
0.0
Published
2025-01-08
CVE-2024-9844
Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker to bypass restrictions.
CVSS Score
7.1
EPSS Score
0.013
Published
2024-12-10
CVE-2024-11633
Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution
CVSS Score
9.1
EPSS Score
0.017
Published
2024-12-10
CVE-2024-11634
Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. (Not applicable to 9.1Rx)
CVSS Score
9.1
EPSS Score
0.03
Published
2024-12-10
CVE-2024-11005
Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVSS Score
9.1
EPSS Score
0.057
Published
2024-11-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved