VYPR

Connect Secure

by Ivanti

CVEs (79)

  • CVE-2024-13830Feb 11, 2025
    risk 0.00cvss epss 0.01

    Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.

  • CVE-2024-12058Feb 11, 2025
    risk 0.00cvss epss 0.01

    External control of a file name in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to read arbitrary files.

  • CVE-2024-10644Feb 11, 2025
    risk 0.00cvss epss 0.02

    Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2024-37377Dec 11, 2024
    risk 0.00cvss epss 0.02

    A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.

  • CVE-2024-9844Dec 10, 2024
    risk 0.00cvss epss 0.01

    Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker to bypass restrictions.

  • CVE-2024-37400Nov 13, 2024
    risk 0.00cvss epss 0.02

    An out of bounds read in Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to trigger an infinite loop, causing a denial of service.

  • CVE-2024-38649Nov 13, 2024
    risk 0.00cvss epss 0.02

    An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1(Not Applicable to 9.1Rx) allows a remote unauthenticated attacker to cause a denial of service.

  • CVE-2024-39709Nov 13, 2024
    risk 0.00cvss epss 0.00

    Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1 (Not Applicable to 9.1Rx) allow a local authenticated attacker to escalate their privileges.

  • CVE-2024-11004Nov 12, 2024
    risk 0.00cvss epss 0.01

    Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.

  • CVE-2024-8495Nov 12, 2024
    risk 0.00cvss epss 0.01

    A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service.

  • CVE-2024-47909Nov 12, 2024
    risk 0.00cvss epss 0.01

    A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.

  • CVE-2024-47907Nov 12, 2024
    risk 0.00cvss epss 0.01

    A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.

  • CVE-2024-47906Nov 12, 2024
    risk 0.00cvss epss 0.00

    Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges.

  • CVE-2024-47905Nov 12, 2024
    risk 0.00cvss epss 0.01

    A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.

  • CVE-2024-22052Apr 4, 2024
    risk 0.00cvss epss 0.04

    A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack

  • CVE-2024-22023Apr 4, 2024
    risk 0.00cvss epss 0.03

    An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporarily cause resource exhaustion thereby resulting in a…

  • CVE-2023-39340Dec 16, 2023
    risk 0.00cvss epss 0.02

    A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the appliance.

  • CVE-2023-41719Dec 14, 2023
    risk 0.00cvss epss 0.03

    A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution.

  • CVE-2023-41720Dec 14, 2023
    risk 0.00cvss epss 0.01

    A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance can escalate their privileges by exploiting a vulnerable installed application. This vulnerability allows the attacker to…

Page 4 of 4