Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
ivanti

Connect Secure

28 Versions 35 CVEs

Versions

22.7R2.3

OTHER 8 CVEs

22.7R2.5

OTHER 2 CVEs

22.6R2

OTHER 1 CVE

22.5R2.2

OTHER 1 CVE

9.1R14.6

OTHER 5 CVEs

22.3R1.2

OTHER 5 CVEs

9.1R16.4

OTHER 5 CVEs

22.2R3

OTHER 1 CVE

22.6R1.2

OTHER 1 CVE

22.7R2.4

OTHER 3 CVEs

22.6.1

SEMANTIC 3 CVEs

9.1R15.4

OTHER 5 CVEs

22.2R4.2

OTHER 5 CVEs

22.5R2.4

OTHER 5 CVEs

9.1R18.6

OTHER 1 CVE

9.1R18.9

OTHER 3 CVEs

22.6R2.3

OTHER 5 CVEs

22.4R2

OTHER 1 CVE

9.1R17.4

OTHER 5 CVEs

22.4R2.4

OTHER 5 CVEs

9.1R18.7

OTHER 3 CVEs

22.7R2

OTHER 2 CVEs

22.5R1.3

OTHER 5 CVEs

9.1R18.5

OTHER 5 CVEs

22.1R6.2

OTHER 5 CVEs

22.4R1.2

OTHER 5 CVEs

22.7R2.1

OTHER 12 CVEs

22.7R2.2

OTHER 2 CVEs

Recent CVEs

CVE-2025-0283

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges.

HIGH Jan 08, 2025

CVE-2025-0282

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.

CRITICAL Jan 08, 2025

CVE-2024-11633

Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution

CRITICAL Dec 10, 2024

CVE-2024-9844

Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker to bypass restrictions.

HIGH Dec 10, 2024

CVE-2024-11004

Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.

MEDIUM Nov 12, 2024

CVE-2024-11006

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CRITICAL Nov 12, 2024

CVE-2024-8495

A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service.

HIGH Nov 12, 2024

CVE-2023-38551

A CRLF Injection vulnerability in Ivanti Connect Secure (9.x, 22.x) allows an authenticated high-privileged user to inject malicious code on a victim’s browser, thereby leading to cross-site scripting attack.

HIGH May 31, 2024