cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-11634,https://securityvulnerability.io/vulnerability/CVE-2024-11634,Remote Code Execution Vulnerability Affects Ivanti Connect Secure,"A command injection vulnerability exists in Ivanti Connect Secure and Ivanti Policy Secure that allows an authenticated remote attacker with administrative privileges to execute arbitrary commands on the server. This can lead to unauthorized access or manipulation of sensitive data, significantly compromising the integrity and confidentiality of the affected systems. The issue is associated with specific versions, prompting urgent action to mitigate potential risks. It is critical for administrators to review their deployments and apply the necessary updates to safeguard against this vulnerability.",Ivanti,"Connect Secure,Policy Secure",9.1,CRITICAL,0.0004299999854993075,false,false,false,false,,false,false,2024-12-10T18:48:29.024Z,0
CVE-2024-11004,https://securityvulnerability.io/vulnerability/CVE-2024-11004,,Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.,Ivanti,"Connect Secure,Policy Secure",6.1,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-11-12T17:15:00.000Z,0
CVE-2024-11006,https://securityvulnerability.io/vulnerability/CVE-2024-11006,Command Injection Vulnerability in Ivanti Connect Secure and Policy Secure,A command injection vulnerability exists in Ivanti Connect Secure and Ivanti Policy Secure. This security flaw allows a remote authenticated attacker with administrative privileges to execute arbitrary code on the affected systems. Organizations utilizing these products are urged to update to the latest versions to mitigate potential exploitation. Failure to act could lead to unauthorized access and control over critical systems.,Ivanti,"Connect Secure,Policy Secure",9.1,CRITICAL,0.0004299999854993075,false,false,false,false,,false,false,2024-11-12T17:15:00.000Z,0
CVE-2024-11005,https://securityvulnerability.io/vulnerability/CVE-2024-11005,Command Injection Vulnerability in Ivanti Connect Secure and Ivanti Policy Secure,"A command injection vulnerability exists in Ivanti Connect Secure and Ivanti Policy Secure prior to specified versions, allowing remote authenticated attackers with administrative privileges to execute arbitrary commands on the affected system. This vulnerability poses a significant risk as it may lead to unauthorized system access and control, emphasizing the importance of updating to the latest secure versions.",Ivanti,"Connect Secure,Policy Secure",9.1,CRITICAL,0.0004299999854993075,false,false,false,false,,false,false,2024-11-12T17:15:00.000Z,0
CVE-2024-47909,https://securityvulnerability.io/vulnerability/CVE-2024-47909,,A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.,Ivanti,"Connect Secure,Policy Secure",4.9,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-11-12T16:15:00.000Z,0
CVE-2024-11007,https://securityvulnerability.io/vulnerability/CVE-2024-11007,Remote Code Execution Vulnerability in Ivanti Connect Secure and Ivanti Policy Secure,"A command injection vulnerability exists in Ivanti Connect Secure prior to version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1. This flaw permits a remote authenticated attacker, possessing administrative privileges, to execute arbitrary code on the affected systems. Notably, this vulnerability does not impact versions 9.1Rx. Given the nature of this vulnerability, attackers could exploit it to gain unauthorized access and manipulate sensitive operations, making it critical for organizations using these Ivanti products to implement the necessary updates and security measures promptly.",Ivanti,"Connect Secure,Policy Secure",7.2,HIGH,0.0005200000014156103,false,false,false,false,,false,false,2024-11-12T16:15:00.000Z,0
CVE-2024-47906,https://securityvulnerability.io/vulnerability/CVE-2024-47906,Security Flaw in Ivanti Connect Secure and Ivanti Policy Secure,"A vulnerability exists in Ivanti Connect Secure and Ivanti Policy Secure that enables a local authenticated attacker to escalate privileges due to excessive binary privileges. This issue impacts versions prior to Ivanti Connect Secure 22.7R2.3 and Ivanti Policy Secure 22.7R1.2, with the exception of version 9.1Rx. Organizations using these affected versions may be at risk, as the flaw could allow an attacker with local access to gain elevated privileges within the affected systems, potentially compromising sensitive data and access controls.",Ivanti,"Connect Secure,Policy Secure",7.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-11-12T16:15:00.000Z,0
CVE-2024-29205,https://securityvulnerability.io/vulnerability/CVE-2024-29205,Remote Attacker Can Cause Service Disruptions with Improper Check for Unusual or Exceptional Conditions Vulnerability,"An improper check for unusual or exceptional conditions exists in the web component of Ivanti Connect Secure and Ivanti Policy Secure. This flaw allows remote unauthenticated attackers to exploit the vulnerability by sending specially crafted requests to the affected systems, potentially leading to service disruptions. Entities using these products should be aware of the risk and take necessary measures to secure their environments against potential exploitation by malicious actors.",Ivanti,"Connect Secure,Policy Secure",7.5,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-04-25T06:15:00.000Z,0
CVE-2024-21894,https://securityvulnerability.io/vulnerability/CVE-2024-21894,"Ivanti Connect Secure Suffers from Heap Overflow Vulnerability, Leading to DoS Attacks","Vulnerability CVE-2024-21894 affects Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure and allows an unauthenticated attacker to crash the service, leading to a denial-of-service (DoS) attack. In certain conditions, this vulnerability may also result in the execution of arbitrary code. It is part of a group of vulnerabilities that include heap overflow, null pointer dereference, and XML entity expansion, which pose serious threats to the security of the affected software. Ivanti has released patches to address these vulnerabilities and organizations are strongly recommended to apply these updates as soon as possible to mitigate the risk. No evidence of exploitation by threat actors, including ransomware groups, has been reported so far.",Ivanti,"Connect Secure,Policy Secure",9.8,CRITICAL,0.000910000002477318,false,true,true,true,true,false,false,2024-04-04T23:15:00.000Z,0
CVE-2024-22052,https://securityvulnerability.io/vulnerability/CVE-2024-22052,Ivanti Connect Secure Vulnerability Could Lead to DoS Attacks,"The Ivanti Connect Secure and Policy Secure Gateways are impacted by multiple vulnerabilities, including heap overflow, null pointer dereference, and XML entity expansion flaws. These vulnerabilities could allow unauthenticated attackers to launch denial-of-service (DoS) attacks or execute arbitrary code. Ivanti has released security updates to mitigate these risks, with a strong recommendation to apply the patches with the highest priority. While there is no evidence of these vulnerabilities being exploited in the wild, organizations are advised to bolster monitoring and detection capabilities to identify any related suspicious activity. Overall, these vulnerabilities pose a significant threat to the availability of information security.",Ivanti,"Connect Secure,Policy Secure",7.5,HIGH,0.0004600000102072954,false,true,false,false,,false,false,2024-04-04T20:15:00.000Z,0
CVE-2024-22023,https://securityvulnerability.io/vulnerability/CVE-2024-22023,Ivanti Connect Secure XML Entity Expansion Vulnerability Could Lead to Limited-Time DoS,"An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporarily cause resource exhaustion thereby resulting in a limited-time DoS.",Ivanti,"Connect Secure,Policy Secure",5.3,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-04-04T20:15:00.000Z,0
CVE-2024-22053,https://securityvulnerability.io/vulnerability/CVE-2024-22053,Heap Overflow Vulnerability in Ivanti Connect Secure Allows for DoS Attacks and Memory Reads,"A heap overflow vulnerability exists in the IPSec component of Ivanti Connect Secure and Ivanti Policy Secure. This issue allows unauthenticated users to craft and send specific requests to the affected services. As a result, this could lead to service crashes, effectively causing a Denial of Service (DoS), and in certain scenarios, may allow malicious actors to read sensitive memory contents. It is crucial for organizations using these products to assess their security posture and implement necessary mitigations.",Ivanti,"Connect Secure,Policy Secure",8.2,HIGH,0.0004600000102072954,false,true,false,false,,false,false,2024-04-04T20:15:00.000Z,0