cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-38657,https://securityvulnerability.io/vulnerability/CVE-2024-38657,File Write Vulnerability in Ivanti Connect Secure and Policy Secure Products,"This vulnerability allows an authenticated remote attacker with admin privileges to exploit flaws in Ivanti Connect Secure and Policy Secure. Specifically, it permits the attacker to control file names, enabling arbitrary file writing on the systems. Versions earlier than 22.7R2.4 for Connect Secure and 22.7R1.3 for Policy Secure are particularly vulnerable, presenting significant security risks that could lead to unauthorized data access and manipulation.",Ivanti,"Connect Secure,Policy Secure",9.1,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-21T01:25:43.552Z,0
CVE-2024-13843,https://securityvulnerability.io/vulnerability/CVE-2024-13843,Cleartext Data Exposure in Ivanti Connect Secure and Policy Secure,"This vulnerability involves the cleartext storage of sensitive data in Ivanti Connect Secure and Ivanti Policy Secure, allowing local authenticated attackers with admin privileges to read this information. Versions prior to 22.7R2.6 for Connect Secure and 22.7R1.3 for Policy Secure are impacted, exposing user data to potential compromise. It is crucial for organizations using these products to assess their systems and implement updates to mitigate this risk.",Ivanti,"Connect Secure,Policy Secure",4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-11T15:26:32.029Z,0
CVE-2024-13842,https://securityvulnerability.io/vulnerability/CVE-2024-13842,Hardcoded Key Vulnerability in Ivanti Connect Secure and Policy Secure Products,"A vulnerability exists in Ivanti Connect Secure and Ivanti Policy Secure due to a hardcoded key, which allows a local authenticated attacker with admin privileges to access and read sensitive data. This could lead to unauthorized information disclosure and pose serious risks to user privacy and data security. Organizations using these products are advised to review their configurations and promptly update to versions that mitigate this issue.",Ivanti,"Connect Secure,Policy Secure",4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-11T15:25:49.528Z,0
CVE-2024-13830,https://securityvulnerability.io/vulnerability/CVE-2024-13830,Reflected XSS Vulnerability in Ivanti Connect Secure and Ivanti Policy Secure,"A reflected cross-site scripting vulnerability exists in the Ivanti Connect Secure and Ivanti Policy Secure products prior to specified versions. This vulnerability could allow a remote unauthenticated attacker to leverage it to obtain administrative privileges, provided that user interaction takes place. It is essential for users to implement necessary precautions and apply the recommended updates to safeguard against potential exploitation.",Ivanti,"Connect Secure,Policy Secure",6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-02-11T15:22:15.945Z,0
CVE-2024-12058,https://securityvulnerability.io/vulnerability/CVE-2024-12058,File Name Control Vulnerability in Ivanti Connect Secure and Ivanti Policy Secure,"A security vulnerability present in Ivanti Connect Secure prior to version 22.7R2.6 and Ivanti Policy Secure prior to version 22.7R1.3 allows a remote authenticated attacker with administrative privileges to manipulate file names. This could lead to unauthorized reading of arbitrary files, potentially exposing sensitive data. Organizations using these products should evaluate their security postures and apply available patches to mitigate risks.",Ivanti,"Connect Secure,Policy Secure",6.8,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-11T15:21:18.279Z,0
CVE-2024-10644,https://securityvulnerability.io/vulnerability/CVE-2024-10644,Code Injection Vulnerability in Ivanti Connect Secure and Policy Secure,"A vulnerability in Ivanti Connect Secure and Ivanti Policy Secure allows remote authenticated attackers with administrative privileges to execute arbitrary code on the affected systems. This issue exists in versions prior to 22.7R2.4 for Ivanti Connect Secure and 22.7R1.3 for Ivanti Policy Secure. If exploited, this vulnerability can lead to unauthorized control over the affected environments, potentially compromising sensitive data and system integrity.",Ivanti,"Connect Secure,Policy Secure",9.1,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-11T15:20:46.680Z,0
CVE-2025-0283,https://securityvulnerability.io/vulnerability/CVE-2025-0283,"Stack-Based Buffer Overflow in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA Gateways","A stack-based buffer overflow vulnerability exists in Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA Gateways before specified versions. This flaw enables a local authenticated attacker to exploit the overflow condition, potentially leading to privilege escalation and unauthorized access to sensitive functionalities within the affected platforms.",Ivanti,"Connect Secure,Policy Secure,Neurons For Zta Gateways",7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-08T22:15:59.822Z,0
CVE-2025-0282,https://securityvulnerability.io/vulnerability/CVE-2025-0282,Stack-Based Buffer Overflow in Ivanti Connect Secure and Policy Secure,"A stack-based buffer overflow vulnerability exists in Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA gateways, prior to designated versions. This flaw allows a remote unauthenticated attacker to execute arbitrary code on the affected systems, posing significant risks to security and data integrity. Users are advised to upgrade to the latest versions of these products to mitigate potential exploitation.",Ivanti,"Connect Secure,Policy Secure,Neurons For Zta Gateways",9,CRITICAL,0.15324999392032623,true,2025-01-08T00:00:00.000Z,true,true,true,2025-01-08T00:00:00.000Z,true,true,true,2025-01-09T13:52:02.562Z,2025-01-08T22:15:09.386Z,31760
CVE-2024-11634,https://securityvulnerability.io/vulnerability/CVE-2024-11634,Remote Code Execution Vulnerability Affects Ivanti Connect Secure,"A command injection vulnerability exists in Ivanti Connect Secure and Ivanti Policy Secure that allows an authenticated remote attacker with administrative privileges to execute arbitrary commands on the server. This can lead to unauthorized access or manipulation of sensitive data, significantly compromising the integrity and confidentiality of the affected systems. The issue is associated with specific versions, prompting urgent action to mitigate potential risks. It is critical for administrators to review their deployments and apply the necessary updates to safeguard against this vulnerability.",Ivanti,"Connect Secure,Policy Secure",7.2,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2024-12-10T18:48:29.024Z,0
CVE-2024-11006,https://securityvulnerability.io/vulnerability/CVE-2024-11006,Command Injection Vulnerability in Ivanti Connect Secure and Policy Secure,A command injection vulnerability exists in Ivanti Connect Secure and Ivanti Policy Secure. This security flaw allows a remote authenticated attacker with administrative privileges to execute arbitrary code on the affected systems. Organizations utilizing these products are urged to update to the latest versions to mitigate potential exploitation. Failure to act could lead to unauthorized access and control over critical systems.,Ivanti,"Connect Secure,Policy Secure",7.2,HIGH,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-11-12T17:15:00.000Z,0
CVE-2024-11004,https://securityvulnerability.io/vulnerability/CVE-2024-11004,Reflected XSS Vulnerability in Ivanti Connect Secure and Ivanti Policy Secure,"A reflected XSS vulnerability exists in Ivanti Connect Secure and Ivanti Policy Secure, where an unauthenticated remote attacker can exploit the flaw to gain administrative control. The attack requires user interaction, thereby posing a significant risk to users who may unknowingly interact with a malicious link crafted by an attacker.",Ivanti,"Connect Secure,Policy Secure",6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-11-12T17:15:00.000Z,0
CVE-2024-11005,https://securityvulnerability.io/vulnerability/CVE-2024-11005,Command Injection Vulnerability in Ivanti Connect Secure and Ivanti Policy Secure,"A command injection vulnerability exists in Ivanti Connect Secure and Ivanti Policy Secure prior to specified versions, allowing remote authenticated attackers with administrative privileges to execute arbitrary commands on the affected system. This vulnerability poses a significant risk as it may lead to unauthorized system access and control, emphasizing the importance of updating to the latest secure versions.",Ivanti,"Connect Secure,Policy Secure",7.2,HIGH,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-11-12T17:15:00.000Z,0
CVE-2024-47909,https://securityvulnerability.io/vulnerability/CVE-2024-47909,Stack-Based Buffer Overflow in Ivanti Connect Secure and Policy Secure Products,"A stack-based buffer overflow vulnerability exists in Ivanti Connect Secure and Ivanti Policy Secure, affecting versions prior to 22.7R2.3 and 22.7R1.2, respectively. This issue permits a remote authenticated attacker with administrative privileges to exploit the flaw, leading to potential denial of service conditions. Prompt updates are recommended to mitigate risks associated with this vulnerability.",Ivanti,"Connect Secure,Policy Secure",4.9,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-11-12T16:15:00.000Z,0
CVE-2024-9420,https://securityvulnerability.io/vulnerability/CVE-2024-9420,Use-After-Free Vulnerability in Ivanti Connect Secure and Policy Secure,"A use-after-free vulnerability exists in Ivanti Connect Secure and Ivanti Policy Secure, which allows remote authenticated attackers to execute arbitrary code remotely. This flaw affects versions prior to 22.7R2.3 for Ivanti Connect Secure and below 22.7R1.2 for Ivanti Policy Secure. Due to this vulnerability, an attacker can exploit the flaw to manipulate system memory, potentially leading to unauthorized access and control over affected systems. Organizations using these products should prioritize patching to mitigate potential risks associated with this vulnerability.",Ivanti,"Connect Secure,Policy Secure",8.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-11-12T16:15:00.000Z,0
CVE-2024-8495,https://securityvulnerability.io/vulnerability/CVE-2024-8495,Null Pointer Dereference in Ivanti Connect Secure and Ivanti Policy Secure Products,"A null pointer dereference vulnerability exists in Ivanti Connect Secure prior to version 22.7R2.1 and Ivanti Policy Secure prior to version 22.7R1.1. This flaw permits remote unauthenticated attackers to exploit the vulnerability, potentially leading to a denial of service condition. Organizations are urged to update their systems to the latest versions to mitigate the risk associated with this vulnerability.",Ivanti,"Connect Secure,Policy Secure",7.5,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-11-12T16:15:00.000Z,0
CVE-2024-11007,https://securityvulnerability.io/vulnerability/CVE-2024-11007,Remote Code Execution Vulnerability in Ivanti Connect Secure and Ivanti Policy Secure,"A command injection vulnerability exists in Ivanti Connect Secure prior to version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1. This flaw permits a remote authenticated attacker, possessing administrative privileges, to execute arbitrary code on the affected systems. Notably, this vulnerability does not impact versions 9.1Rx. Given the nature of this vulnerability, attackers could exploit it to gain unauthorized access and manipulate sensitive operations, making it critical for organizations using these Ivanti products to implement the necessary updates and security measures promptly.",Ivanti,"Connect Secure,Policy Secure",7.2,HIGH,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-11-12T16:15:00.000Z,0
CVE-2024-47906,https://securityvulnerability.io/vulnerability/CVE-2024-47906,Security Flaw in Ivanti Connect Secure and Ivanti Policy Secure,"A vulnerability exists in Ivanti Connect Secure and Ivanti Policy Secure that enables a local authenticated attacker to escalate privileges due to excessive binary privileges. This issue impacts versions prior to Ivanti Connect Secure 22.7R2.3 and Ivanti Policy Secure 22.7R1.2, with the exception of version 9.1Rx. Organizations using these affected versions may be at risk, as the flaw could allow an attacker with local access to gain elevated privileges within the affected systems, potentially compromising sensitive data and access controls.",Ivanti,"Connect Secure,Policy Secure",7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-12T16:15:00.000Z,0
CVE-2024-29205,https://securityvulnerability.io/vulnerability/CVE-2024-29205,Remote Attacker Can Cause Service Disruptions with Improper Check for Unusual or Exceptional Conditions Vulnerability,"An improper check for unusual or exceptional conditions exists in the web component of Ivanti Connect Secure and Ivanti Policy Secure. This flaw allows remote unauthenticated attackers to exploit the vulnerability by sending specially crafted requests to the affected systems, potentially leading to service disruptions. Entities using these products should be aware of the risk and take necessary measures to secure their environments against potential exploitation by malicious actors.",Ivanti,"Connect Secure,Policy Secure",7.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-25T06:15:00.000Z,0
CVE-2024-21894,https://securityvulnerability.io/vulnerability/CVE-2024-21894,"Ivanti Connect Secure Suffers from Heap Overflow Vulnerability, Leading to DoS Attacks","Vulnerability CVE-2024-21894 affects Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure and allows an unauthenticated attacker to crash the service, leading to a denial-of-service (DoS) attack. In certain conditions, this vulnerability may also result in the execution of arbitrary code. It is part of a group of vulnerabilities that include heap overflow, null pointer dereference, and XML entity expansion, which pose serious threats to the security of the affected software. Ivanti has released patches to address these vulnerabilities and organizations are strongly recommended to apply these updates as soon as possible to mitigate the risk. No evidence of exploitation by threat actors, including ransomware groups, has been reported so far.",Ivanti,"Connect Secure,Policy Secure",9.8,CRITICAL,0.000910000002477318,false,,true,true,true,2024-04-03T18:29:32.000Z,true,false,false,,2024-04-04T23:15:00.000Z,0
CVE-2024-22053,https://securityvulnerability.io/vulnerability/CVE-2024-22053,Heap Overflow Vulnerability in Ivanti Connect Secure Allows for DoS Attacks and Memory Reads,"A heap overflow vulnerability exists in the IPSec component of Ivanti Connect Secure and Ivanti Policy Secure. This issue allows unauthenticated users to craft and send specific requests to the affected services. As a result, this could lead to service crashes, effectively causing a Denial of Service (DoS), and in certain scenarios, may allow malicious actors to read sensitive memory contents. It is crucial for organizations using these products to assess their security posture and implement necessary mitigations.",Ivanti,"Connect Secure,Policy Secure",8.2,HIGH,0.0004600000102072954,false,,true,false,false,,,false,false,,2024-04-04T20:15:00.000Z,0
CVE-2024-22052,https://securityvulnerability.io/vulnerability/CVE-2024-22052,Ivanti Connect Secure Vulnerability Could Lead to DoS Attacks,"The Ivanti Connect Secure and Policy Secure Gateways are impacted by multiple vulnerabilities, including heap overflow, null pointer dereference, and XML entity expansion flaws. These vulnerabilities could allow unauthenticated attackers to launch denial-of-service (DoS) attacks or execute arbitrary code. Ivanti has released security updates to mitigate these risks, with a strong recommendation to apply the patches with the highest priority. While there is no evidence of these vulnerabilities being exploited in the wild, organizations are advised to bolster monitoring and detection capabilities to identify any related suspicious activity. Overall, these vulnerabilities pose a significant threat to the availability of information security.",Ivanti,"Connect Secure,Policy Secure",7.5,HIGH,0.0004600000102072954,false,,true,false,false,,,false,false,,2024-04-04T20:15:00.000Z,0
CVE-2024-22023,https://securityvulnerability.io/vulnerability/CVE-2024-22023,Ivanti Connect Secure XML Entity Expansion Vulnerability Could Lead to Limited-Time DoS,"An XML entity expansion or XEE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in order to temporarily cause resource exhaustion, thereby resulting in a limited-time DoS.",Ivanti,"Connect Secure,Policy Secure",5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-04-04T20:15:00.000Z,0