VYPR

Connect Secure

by Ivanti

CVEs (79)

  • CVE-2016-4787CriMay 26, 2016
    risk 0.65cvss 10.0epss 0.02

    Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authentication files in an unspecified directory via unknown vectors.

  • CVE-2017-11455HigAug 29, 2017
    risk 0.57cvss 8.8epss 0.01

    diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to…

  • CVE-2016-4791HigMay 26, 2016
    risk 0.56cvss 8.6epss 0.02

    The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via…

  • CVE-2023-38551HigMay 31, 2024
    risk 0.53cvss 8.2epss 0.01

    A CRLF Injection vulnerability in Ivanti Connect Secure (9.x, 22.x) allows an authenticated high-privileged user to inject malicious code on a victim’s browser, thereby leading to cross-site scripting attack.

  • CVE-2024-29205HigApr 25, 2024
    risk 0.49cvss 7.5epss 0.02

    An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a remote unauthenticated attacker to send specially crafted requests in-order-to cause service disruptions.

  • CVE-2016-4786HigMay 26, 2016
    risk 0.49cvss 7.5epss 0.02

    Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r3, 8.0 before 8.0r11, and 7.4 before 7.4r13.4 allow remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.

  • CVE-2016-4789MedMay 26, 2016
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or…

  • CVE-2016-4788MedMay 26, 2016
    risk 0.38cvss 5.8epss 0.02

    Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read an unspecified system file via unknown vectors.

  • CVE-2016-4790MedMay 26, 2016
    risk 0.36cvss 5.5epss 0.01

    Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2016-4792MedMay 26, 2016
    risk 0.35cvss 5.3epss 0.02

    Pulse Connect Secure (PCS) 8.2 before 8.2r1 allows remote attackers to disclose sign in pages via unspecified vectors.

  • CVE-2025-0282KEVJan 8, 2025
    risk 0.29cvss epss 1.00

    A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.

  • CVE-2024-21893KEVJan 31, 2024
    risk 0.29cvss epss 1.00

    A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.

  • CVE-2024-21887KEVJan 12, 2024
    risk 0.29cvss epss 1.00

    A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

  • CVE-2023-46805KEVJan 12, 2024
    risk 0.29cvss epss 1.00

    An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

  • CVE-2025-22457KEVApr 3, 2025
    risk 0.26cvss epss 1.00

    A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.

  • CVE-2024-37404Oct 18, 2024
    risk 0.10cvss epss 0.67

    Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote code execution.

  • CVE-2024-22024Feb 13, 2024
    risk 0.08cvss epss 0.95

    An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.

  • CVE-2024-21888Jan 31, 2024
    risk 0.05cvss epss 0.87

    A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator.

  • CVE-2025-0283Jan 8, 2025
    risk 0.03cvss epss 0.17

    A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges.

  • CVE-2025-22467Feb 11, 2025
    risk 0.02cvss epss 0.04

    A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution.

Page 1 of 4