Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog Docs About Contact

ivanti policy secure vulnerabilities and exploits

(subscribe to this query)
1000
VMScore

CVE-2024-21894

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In certain conditions this may le...
Ivanti Connect SecureIvanti Policy SecureIvanti Connect Secure 9.1Ivanti Connect Secure 22.1Ivanti Connect Secure 22.2Ivanti Connect Secure 22.3Ivanti Connect Secure 22.4Ivanti Connect Secure 22.5Ivanti Connect Secure 22.6Ivanti Policy Secure 9.0Ivanti Policy Secure 9.1Ivanti Policy Secure 22.1
630
VMScore

CVE-2024-22023

An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted XML requests in-order-to temporarily cause resource exhaustion thereby resulting in a li...
Ivanti Connect SecureIvanti Policy SecureIvanti Connect Secure 9.1Ivanti Connect Secure 22.1Ivanti Connect Secure 22.2Ivanti Connect Secure 22.3Ivanti Connect Secure 22.4Ivanti Connect Secure 22.5Ivanti Connect Secure 22.6Ivanti Policy Secure 9.0Ivanti Policy Secure 9.1Ivanti Policy Secure 22.1
850
VMScore

CVE-2024-22052

A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack
Ivanti Connect SecureIvanti Policy SecureIvanti Connect Secure 9.1Ivanti Connect Secure 22.1Ivanti Connect Secure 22.2Ivanti Connect Secure 22.3Ivanti Connect Secure 22.4Ivanti Connect Secure 22.5Ivanti Connect Secure 22.6Ivanti Policy Secure 9.0Ivanti Policy Secure 9.1Ivanti Policy Secure 22.1
920
VMScore

CVE-2024-22053

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack or in certain conditions read conte...
Ivanti Connect SecureIvanti Policy SecureIvanti Connect Secure 9.1Ivanti Connect Secure 22.1Ivanti Connect Secure 22.2Ivanti Connect Secure 22.3Ivanti Connect Secure 22.4Ivanti Connect Secure 22.5Ivanti Connect Secure 22.6Ivanti Policy Secure 9.0Ivanti Policy Secure 9.1Ivanti Policy Secure 22.1
1000
VMScore

CVE-2024-21887

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
Ivanti IcsIvanti IpsIvanti Connect Secure 9.0Ivanti Connect Secure 9.1Ivanti Connect Secure 22.1Ivanti Connect Secure 22.2Ivanti Connect Secure 22.3Ivanti Connect Secure 22.4Ivanti Connect Secure 22.5Ivanti Connect Secure 22.6Ivanti Policy Secure 9.0Ivanti Policy Secure 9.1
920
VMScore

CVE-2023-46805

An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote malicious user to access restricted resources by bypassing control checks.
Ivanti IcsIvanti IpsIvanti Connect Secure 9.0Ivanti Connect Secure 9.1Ivanti Connect Secure 22.1Ivanti Connect Secure 22.2Ivanti Connect Secure 22.3Ivanti Connect Secure 22.4Ivanti Connect Secure 22.5Ivanti Connect Secure 22.6Ivanti Policy Secure 9.0Ivanti Policy Secure 9.1
980
VMScore

CVE-2024-21888

A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator.
Ivanti Connect Secure 9.0Ivanti Connect Secure 22.0Ivanti Policy Secure 22.0Ivanti Policy Secure 9.0Ivanti IcsIvanti IpsIvanti Connect Secure 9.1Ivanti Connect Secure 21.9Ivanti Connect Secure 21.12Ivanti Connect Secure 22.1Ivanti Connect Secure 22.2Ivanti Connect Secure 22.3
820
VMScore

CVE-2024-11007

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Ivanti Connect SecureIvanti Connect Secure 22.7Ivanti Policy SecureIvanti Policy Secure 22.7
590
VMScore

CVE-2024-47909

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.
Ivanti Connect SecureIvanti Connect Secure 22.7Ivanti Policy SecureIvanti Policy Secure 22.7
590
VMScore

CVE-2024-47905

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.
Ivanti Connect SecureIvanti Connect Secure 22.7Ivanti Policy SecureIvanti Policy Secure 22.7
Preferred Score:
VMScore
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
code executionallegrawinrarCVE-2025-6019online teacher record management systemCVE-2025-52556CVE-2025-6362arbitrary codeinjectCVE-2025-34028CVE-2025-6401CVE-2025-5479dnn.platform
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook