cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-37401,https://securityvulnerability.io/vulnerability/CVE-2024-37401,Remote Unauth. Denial of Service via IPsec OOBR Vulnerability,"An out-of-bounds read vulnerability exists in Ivanti Connect Secure prior to version 22.7R2.1, which can be exploited by a remote unauthenticated attacker. This flaw can lead to a denial of service situation, affecting the availability of services reliant on the impacted product. Users are advised to update to the latest version to mitigate potential risks associated with this vulnerability.",Ivanti,Connect Secure,7.5,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-12-12T01:55:00.000Z,0
CVE-2024-37377,https://securityvulnerability.io/vulnerability/CVE-2024-37377,Heap-Based Buffer Overflow in Ivanti Connect Secure Allows Remote Denial of Service,"A vulnerability exists in Ivanti Connect Secure due to a heap-based buffer overflow in the IPsec component. This flaw can be exploited by remote unauthenticated attackers to trigger a denial of service, leading to service interruptions for users. Organizations using Ivanti Connect Secure should evaluate their systems to ensure they are running a version that mitigates this risk.",Ivanti,Connect Secure,7.5,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-12-12T01:55:00.000Z,0
CVE-2024-11634,https://securityvulnerability.io/vulnerability/CVE-2024-11634,Remote Code Execution Vulnerability Affects Ivanti Connect Secure,"A command injection vulnerability exists in Ivanti Connect Secure and Ivanti Policy Secure that allows an authenticated remote attacker with administrative privileges to execute arbitrary commands on the server. This can lead to unauthorized access or manipulation of sensitive data, significantly compromising the integrity and confidentiality of the affected systems. The issue is associated with specific versions, prompting urgent action to mitigate potential risks. It is critical for administrators to review their deployments and apply the necessary updates to safeguard against this vulnerability.",Ivanti,"Connect Secure,Policy Secure",9.1,CRITICAL,0.0004299999854993075,false,false,false,false,,false,false,2024-12-10T18:48:29.024Z,0
CVE-2024-11633,https://securityvulnerability.io/vulnerability/CVE-2024-11633,Remote Code Execution Vulnerability in Ivanti Connect Secure Prior to 22.7R2.4,"A security vulnerability in Ivanti Connect Secure prior to version 22.7R2.4 allows remote authenticated attackers, equipped with administrative privileges, to exploit an argument injection flaw. This vulnerability can lead to remote code execution, potentially enabling an attacker to execute arbitrary commands on the affected system. Administrators should prioritize updating to the latest version to mitigate the risks associated with this vulnerability.",Ivanti,Connect Secure,9.1,CRITICAL,0.0004299999854993075,false,false,false,false,,false,false,2024-12-10T18:47:55.575Z,0
CVE-2024-11004,https://securityvulnerability.io/vulnerability/CVE-2024-11004,,Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.,Ivanti,"Connect Secure,Policy Secure",6.1,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-11-12T17:15:00.000Z,0
CVE-2024-11005,https://securityvulnerability.io/vulnerability/CVE-2024-11005,Command Injection Vulnerability in Ivanti Connect Secure and Ivanti Policy Secure,"A command injection vulnerability exists in Ivanti Connect Secure and Ivanti Policy Secure prior to specified versions, allowing remote authenticated attackers with administrative privileges to execute arbitrary commands on the affected system. This vulnerability poses a significant risk as it may lead to unauthorized system access and control, emphasizing the importance of updating to the latest secure versions.",Ivanti,"Connect Secure,Policy Secure",9.1,CRITICAL,0.0004299999854993075,false,false,false,false,,false,false,2024-11-12T17:15:00.000Z,0
CVE-2024-11006,https://securityvulnerability.io/vulnerability/CVE-2024-11006,Command Injection Vulnerability in Ivanti Connect Secure and Policy Secure,A command injection vulnerability exists in Ivanti Connect Secure and Ivanti Policy Secure. This security flaw allows a remote authenticated attacker with administrative privileges to execute arbitrary code on the affected systems. Organizations utilizing these products are urged to update to the latest versions to mitigate potential exploitation. Failure to act could lead to unauthorized access and control over critical systems.,Ivanti,"Connect Secure,Policy Secure",9.1,CRITICAL,0.0004299999854993075,false,false,false,false,,false,false,2024-11-12T17:15:00.000Z,0
CVE-2024-47909,https://securityvulnerability.io/vulnerability/CVE-2024-47909,,A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.,Ivanti,"Connect Secure,Policy Secure",4.9,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-11-12T16:15:00.000Z,0
CVE-2024-47905,https://securityvulnerability.io/vulnerability/CVE-2024-47905,,A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.,Ivanti,Connect Secure,4.9,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-11-12T16:15:00.000Z,0
CVE-2024-47906,https://securityvulnerability.io/vulnerability/CVE-2024-47906,Security Flaw in Ivanti Connect Secure and Ivanti Policy Secure,"A vulnerability exists in Ivanti Connect Secure and Ivanti Policy Secure that enables a local authenticated attacker to escalate privileges due to excessive binary privileges. This issue impacts versions prior to Ivanti Connect Secure 22.7R2.3 and Ivanti Policy Secure 22.7R1.2, with the exception of version 9.1Rx. Organizations using these affected versions may be at risk, as the flaw could allow an attacker with local access to gain elevated privileges within the affected systems, potentially compromising sensitive data and access controls.",Ivanti,"Connect Secure,Policy Secure",7.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-11-12T16:15:00.000Z,0
CVE-2024-47907,https://securityvulnerability.io/vulnerability/CVE-2024-47907,Stack-Based Buffer Overflow in Ivanti Connect Secure Product by Ivanti,"A vulnerability exists within Ivanti Connect Secure due to a stack-based buffer overflow in the IPsec component. This flaw allows a remote unauthenticated attacker to exploit the vulnerability effectively, resulting in a denial of service condition. Users of Ivanti Connect Secure should update to the latest version, 22.7R2.3 or later, to mitigate risks associated with this security issue.",Ivanti,Connect Secure,7.5,HIGH,0.0004600000102072954,false,false,false,false,,false,false,2024-11-12T16:15:00.000Z,0
CVE-2024-11007,https://securityvulnerability.io/vulnerability/CVE-2024-11007,Remote Code Execution Vulnerability in Ivanti Connect Secure and Ivanti Policy Secure,"A command injection vulnerability exists in Ivanti Connect Secure prior to version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1. This flaw permits a remote authenticated attacker, possessing administrative privileges, to execute arbitrary code on the affected systems. Notably, this vulnerability does not impact versions 9.1Rx. Given the nature of this vulnerability, attackers could exploit it to gain unauthorized access and manipulate sensitive operations, making it critical for organizations using these Ivanti products to implement the necessary updates and security measures promptly.",Ivanti,"Connect Secure,Policy Secure",7.2,HIGH,0.0005200000014156103,false,false,false,false,,false,false,2024-11-12T16:15:00.000Z,0
CVE-2023-38551,https://securityvulnerability.io/vulnerability/CVE-2023-38551,CRLF Injection Vulnerability in Ivanti Connect Secure Allows Cross-Site Scripting Attacks,"A CRLF Injection vulnerability exists in Ivanti Connect Secure versions 9.x and 22.x, allowing an authenticated user with high privileges to insert malicious code into the victim's browser. This vulnerability can lead to cross-site scripting (XSS) attacks, where an attacker exploits the trust of users by executing arbitrary scripts in their browsers. Organizations utilizing these versions of Ivanti Connect Secure should take immediate steps to mitigate the risk associated with this vulnerability, ensuring their systems are secured against unauthorized access and potential exploitation.",Ivanti,Connect Secure,8.2,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-05-31T17:38:31.360Z,0
CVE-2024-29205,https://securityvulnerability.io/vulnerability/CVE-2024-29205,Remote Attacker Can Cause Service Disruptions with Improper Check for Unusual or Exceptional Conditions Vulnerability,"An improper check for unusual or exceptional conditions exists in the web component of Ivanti Connect Secure and Ivanti Policy Secure. This flaw allows remote unauthenticated attackers to exploit the vulnerability by sending specially crafted requests to the affected systems, potentially leading to service disruptions. Entities using these products should be aware of the risk and take necessary measures to secure their environments against potential exploitation by malicious actors.",Ivanti,"Connect Secure,Policy Secure",7.5,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-04-25T06:15:00.000Z,0
CVE-2024-21894,https://securityvulnerability.io/vulnerability/CVE-2024-21894,"Ivanti Connect Secure Suffers from Heap Overflow Vulnerability, Leading to DoS Attacks","Vulnerability CVE-2024-21894 affects Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure and allows an unauthenticated attacker to crash the service, leading to a denial-of-service (DoS) attack. In certain conditions, this vulnerability may also result in the execution of arbitrary code. It is part of a group of vulnerabilities that include heap overflow, null pointer dereference, and XML entity expansion, which pose serious threats to the security of the affected software. Ivanti has released patches to address these vulnerabilities and organizations are strongly recommended to apply these updates as soon as possible to mitigate the risk. No evidence of exploitation by threat actors, including ransomware groups, has been reported so far.",Ivanti,"Connect Secure,Policy Secure",9.8,CRITICAL,0.000910000002477318,false,true,true,true,true,false,false,2024-04-04T23:15:00.000Z,0
CVE-2024-22053,https://securityvulnerability.io/vulnerability/CVE-2024-22053,Heap Overflow Vulnerability in Ivanti Connect Secure Allows for DoS Attacks and Memory Reads,"A heap overflow vulnerability exists in the IPSec component of Ivanti Connect Secure and Ivanti Policy Secure. This issue allows unauthenticated users to craft and send specific requests to the affected services. As a result, this could lead to service crashes, effectively causing a Denial of Service (DoS), and in certain scenarios, may allow malicious actors to read sensitive memory contents. It is crucial for organizations using these products to assess their security posture and implement necessary mitigations.",Ivanti,"Connect Secure,Policy Secure",8.2,HIGH,0.0004600000102072954,false,true,false,false,,false,false,2024-04-04T20:15:00.000Z,0
CVE-2024-22052,https://securityvulnerability.io/vulnerability/CVE-2024-22052,Ivanti Connect Secure Vulnerability Could Lead to DoS Attacks,"The Ivanti Connect Secure and Policy Secure Gateways are impacted by multiple vulnerabilities, including heap overflow, null pointer dereference, and XML entity expansion flaws. These vulnerabilities could allow unauthenticated attackers to launch denial-of-service (DoS) attacks or execute arbitrary code. Ivanti has released security updates to mitigate these risks, with a strong recommendation to apply the patches with the highest priority. While there is no evidence of these vulnerabilities being exploited in the wild, organizations are advised to bolster monitoring and detection capabilities to identify any related suspicious activity. Overall, these vulnerabilities pose a significant threat to the availability of information security.",Ivanti,"Connect Secure,Policy Secure",7.5,HIGH,0.0004600000102072954,false,true,false,false,,false,false,2024-04-04T20:15:00.000Z,0
CVE-2024-22023,https://securityvulnerability.io/vulnerability/CVE-2024-22023,Ivanti Connect Secure XML Entity Expansion Vulnerability Could Lead to Limited-Time DoS,"An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporarily cause resource exhaustion thereby resulting in a limited-time DoS.",Ivanti,"Connect Secure,Policy Secure",5.3,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-04-04T20:15:00.000Z,0
CVE-2023-39340,https://securityvulnerability.io/vulnerability/CVE-2023-39340,,A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the appliance.,Ivanti,Connect Secure,7.5,HIGH,0.0007800000021234155,false,false,false,false,,false,false,2023-12-16T02:15:00.000Z,0
CVE-2023-41719,https://securityvulnerability.io/vulnerability/CVE-2023-41719,,A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution.,Ivanti,Connect Secure,7.2,HIGH,0.0016700000269338489,false,false,false,false,,false,false,2023-12-14T02:15:00.000Z,0
CVE-2023-41720,https://securityvulnerability.io/vulnerability/CVE-2023-41720,,A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance can escalate their privileges by exploiting a vulnerable installed application. This vulnerability allows the attacker to gain elevated execution privileges on the affected system.,Ivanti,Connect Secure,7.8,HIGH,0.0005499999970197678,false,false,false,false,,false,false,2023-12-14T02:15:00.000Z,0