Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

ivanti connect secure vulnerabilities and exploits

(subscribe to this query)
820
VMScore

CVE-2023-41719

A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution.
Ivanti Connect SecureIvanti Connect Secure 21.9Ivanti Connect Secure 21.12Ivanti Connect Secure 22.1Ivanti Connect Secure 22.2Ivanti Connect Secure 22.3Ivanti Connect Secure 22.4Ivanti Connect Secure 22.5Ivanti Connect Secure 22.6Ivanti Connect Secure 9.1
850
VMScore

CVE-2023-39340

A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the appliance.
Ivanti Connect SecureIvanti Connect Secure 22.1Ivanti Connect Secure 22.2Ivanti Connect Secure 22.3Ivanti Connect Secure 22.4Ivanti Connect Secure 22.5Ivanti Connect Secure 9.1Ivanti Connect Secure 22.6
880
VMScore

CVE-2023-41720

A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance can escalate their privileges by exploiting a vulnerable installed application. This vulnerability allows the malicious user ...
Ivanti Connect SecureIvanti Connect Secure 22.1Ivanti Connect Secure 22.2Ivanti Connect Secure 22.3Ivanti Connect Secure 22.4Ivanti Connect Secure 22.5Ivanti Connect Secure 22.6
980
VMScore

CVE-2024-21888

A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator.
Ivanti Connect Secure 9.0Ivanti Connect Secure 22.0Ivanti Policy Secure 22.0Ivanti Policy Secure 9.0Ivanti IcsIvanti IpsIvanti Connect Secure 9.1Ivanti Connect Secure 21.9Ivanti Connect Secure 21.12Ivanti Connect Secure 22.1Ivanti Connect Secure 22.2Ivanti Connect Secure 22.3
820
VMScore

CVE-2019-11508

In Pulse Secure Pulse Connect Secure (PCS) prior to 8.1R15.1, 8.2 prior to 8.2R12.1, 8.3 prior to 8.3R7.1, and 9.0 prior to 9.0R3.4, an authenticated attacker (via the admin web interface) can exploit Directory Traversal to execute arbitrary code on the appliance.
Ivanti Connect Secure 7.1Ivanti Connect Secure 7.4Ivanti Connect Secure 8.1Ivanti Connect Secure 8.2Ivanti Connect Secure 8.3Ivanti Connect Secure 9.0Pulsesecure Pulse Connect Secure 7.4
1000
VMScore

CVE-2024-21894

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In certain conditions this may le...
Ivanti Connect SecureIvanti Policy SecureIvanti Connect Secure 9.1Ivanti Connect Secure 22.1Ivanti Connect Secure 22.2Ivanti Connect Secure 22.3Ivanti Connect Secure 22.4Ivanti Connect Secure 22.5Ivanti Connect Secure 22.6Ivanti Policy Secure 9.0Ivanti Policy Secure 9.1Ivanti Policy Secure 22.1
630
VMScore

CVE-2024-22023

An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted XML requests in-order-to temporarily cause resource exhaustion thereby resulting in a li...
Ivanti Connect SecureIvanti Policy SecureIvanti Connect Secure 9.1Ivanti Connect Secure 22.1Ivanti Connect Secure 22.2Ivanti Connect Secure 22.3Ivanti Connect Secure 22.4Ivanti Connect Secure 22.5Ivanti Connect Secure 22.6Ivanti Policy Secure 9.0Ivanti Policy Secure 9.1Ivanti Policy Secure 22.1
850
VMScore

CVE-2024-22052

A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack
Ivanti Connect SecureIvanti Policy SecureIvanti Connect Secure 9.1Ivanti Connect Secure 22.1Ivanti Connect Secure 22.2Ivanti Connect Secure 22.3Ivanti Connect Secure 22.4Ivanti Connect Secure 22.5Ivanti Connect Secure 22.6Ivanti Policy Secure 9.0Ivanti Policy Secure 9.1Ivanti Policy Secure 22.1
920
VMScore

CVE-2024-22053

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack or in certain conditions read conte...
Ivanti Connect SecureIvanti Policy SecureIvanti Connect Secure 9.1Ivanti Connect Secure 22.1Ivanti Connect Secure 22.2Ivanti Connect Secure 22.3Ivanti Connect Secure 22.4Ivanti Connect Secure 22.5Ivanti Connect Secure 22.6Ivanti Policy Secure 9.0Ivanti Policy Secure 9.1Ivanti Policy Secure 22.1
1000
VMScore

CVE-2024-21887

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
Ivanti IcsIvanti IpsIvanti Connect Secure 9.0Ivanti Connect Secure 9.1Ivanti Connect Secure 22.1Ivanti Connect Secure 22.2Ivanti Connect Secure 22.3Ivanti Connect Secure 22.4Ivanti Connect Secure 22.5Ivanti Connect Secure 22.6Ivanti Policy Secure 9.0Ivanti Policy Secure 9.1
Preferred Score:
VMScore
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2025-4278updatenavifujitsu client computing limitedCVE-2025-32465CVE-2025-49184ibmCVE-2025-4275file uploadCVE-2025-33073sick agfile inclusionCVE-2025-26383unspecified
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook