Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
ivanti

connect_secure

32 Versions 24 CVEs

Versions

22.7R2.3

OTHER 2 CVEs

22.7r2.2

OTHER 1 CVE

9.1R14.6

OTHER 5 CVEs

22.3R1.2

OTHER 5 CVEs

21.9

MAJOR_MINOR 1 CVE

9.1R16.4

OTHER 1 CVE

22.2R3

OTHER 4 CVEs

22.1

MAJOR_MINOR 1 CVE

22.3

MAJOR_MINOR 1 CVE

22.6R1.2

OTHER 4 CVEs

9.1R15.4

OTHER 5 CVEs

22.2R4.2

OTHER 5 CVEs

22.5R2.4

OTHER 5 CVEs

9.0

MAJOR_MINOR 2 CVEs

22.4r2

OTHER 1 CVE

22.7r2.3

OTHER 2 CVEs

22.6

MAJOR_MINOR 1 CVE

22.6R2.3

OTHER 5 CVEs

9.1

MAJOR_MINOR 1 CVE

9.1R17.4

OTHER 5 CVEs

22.4R2.4

OTHER 5 CVEs

22.4

MAJOR_MINOR 1 CVE

21.12

MAJOR_MINOR 1 CVE

22.5R1.3

OTHER 5 CVEs

9.1R18.5

OTHER 5 CVEs

22.1R6.2

OTHER 5 CVEs

22.0

MAJOR_MINOR 1 CVE

0

SINGLE_NUMBER 8 CVEs

22.4R1.2

OTHER 5 CVEs

22.7R2.1

OTHER 3 CVEs

22.2

MAJOR_MINOR 1 CVE

22.7r2.1

OTHER 2 CVEs

Recent CVEs

CVE-2024-38655

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.1 and 9.1R18.9 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CRITICAL Nov 13, 2024

CVE-2024-39712

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CRITICAL Nov 13, 2024

CVE-2024-38649

An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1(Not Applicable to 9.1Rx) allows a remote unauthenticated attacker to cause a denial of service.

HIGH Nov 13, 2024

CVE-2024-39711

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CRITICAL Nov 13, 2024

CVE-2024-39709

Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1 (Not Applicable to 9.1Rx) allow a local authenticated attacker to escalate their privileges.

HIGH Nov 13, 2024

CVE-2024-38656

Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CRITICAL Nov 13, 2024

CVE-2024-39710

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CRITICAL Nov 13, 2024

CVE-2024-37404

Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote code execution.

CRITICAL Oct 18, 2024