Known Vulnerabilities
CVE-2024-11007
Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CRITICAL
CVSS 9.1
Published Nov 12, 2024
CVE-2024-8495
A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service.
HIGH
CVSS 7.5
Published Nov 12, 2024