VYPR

Policy Secure

by Ivanti

CVEs (21)

  • CVE-2025-55144Sep 9, 2025
    Ivanti
    Connect Secure
    risk 0.00cvss epss 0.01

    Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure restricted settings.

  • CVE-2025-55143Sep 9, 2025
    Ivanti
    Connect Secure
    risk 0.00cvss epss 0.00

    Reflected text injection in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to inject arbitrary text into a crafted HTTP response. User interaction is required.

  • CVE-2025-55142Sep 9, 2025
    Ivanti
    Connect Secure
    risk 0.00cvss epss 0.04

    Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure authentication related settings.

  • CVE-2025-55141Sep 9, 2025
    Ivanti
    Connect Secure
    risk 0.00cvss epss 0.04

    Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure authentication related settings.

  • CVE-2025-55139Sep 9, 2025
    Ivanti
    Connect Secure
    risk 0.00cvss epss 0.01

    SSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to enumerate internal services.

  • CVE-2025-55148Sep 9, 2025
    Ivanti
    Connect Secure
    risk 0.00cvss epss 0.02

    Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure restricted settings.

  • CVE-2025-55147Sep 9, 2025
    Ivanti
    Connect Secure
    risk 0.00cvss epss 0.00

    CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to execute sensitive actions on behalf of the victim user. User interaction is required

  • CVE-2025-55146Sep 9, 2025
    Ivanti
    Connect Secure
    risk 0.00cvss epss 0.01

    An unchecked return value in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to trigger a denial of service.

  • CVE-2025-55145Sep 9, 2025
    Ivanti
    Connect Secure
    risk 0.00cvss epss 0.00

    Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker to hijack existing HTML5 connections.

  • CVE-2025-8711Sep 9, 2025
    Ivanti
    Connect Secure
    risk 0.00cvss epss 0.00

    CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to execute limited actions on behalf of the victim user. User interaction is required.

  • CVE-2025-8712Sep 9, 2025
    Ivanti
    Connect Secure
    risk 0.00cvss epss 0.01

    Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure restricted settings.

  • CVE-2025-5468Aug 12, 2025
    Ivanti
    Connect Secure
    risk 0.00cvss epss 0.00

    Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a local authenticated attacker to read arbitrary files on disk.

  • CVE-2025-5466Aug 12, 2025
    Ivanti
    Connect Secure
    risk 0.00cvss epss 0.01

    XEE in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to trigger a denial of service

  • CVE-2025-5462Aug 12, 2025
    Ivanti
    Connect Secure
    risk 0.00cvss epss 0.01

    A heap-based buffer overflow in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to trigger a denial of service.

  • CVE-2025-5456Aug 12, 2025
    Ivanti
    Connect Secure
    risk 0.00cvss epss 0.01

    A buffer over-read vulnerability in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to trigger a denial of service. CWE-125

  • CVE-2023-39339Jul 12, 2025
    Ivanti
    Policy Secure
    risk 0.00cvss epss 0.02

    A vulnerability exists on all versions of Ivanti Policy Secure below 22.6R1 where an authenticated administrator can perform an arbitrary file read via a maliciously crafted web request.

  • CVE-2025-0292Jul 8, 2025
    Ivanti
    Connect Secure
    risk 0.00cvss epss 0.01

    SSRF in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to access internal network services.

  • CVE-2025-0293Jul 8, 2025
    Ivanti
    Connect Secure
    risk 0.00cvss epss 0.00

    CLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk.

  • CVE-2025-5463Jul 8, 2025
    Ivanti
    Connect Secure
    risk 0.00cvss epss 0.00

    Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a local authenticated attacker to obtain that information.

  • CVE-2025-5451Jul 8, 2025
    Ivanti
    Connect Secure
    risk 0.00cvss epss 0.01

    A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to trigger a denial of service.

Page 1 of 2