Vulnerabilities > Ivanti > Connect Secure
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-11 | CVE-2024-13830 | Cross-site Scripting vulnerability in Ivanti Connect Secure 22.7/7.1/7.4 Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. | 6.1 |
| 2025-02-11 | CVE-2024-13842 | Use of Hard-coded Cryptographic Key vulnerability in Ivanti Connect Secure 22.7/7.1/7.4 A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data. | 4.4 |
| 2025-02-11 | CVE-2024-13843 | Cleartext Storage of Sensitive Information vulnerability in Ivanti Connect Secure 22.7/7.1/7.4 Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data. | 4.4 |
| 2025-02-11 | CVE-2025-22467 | Stack-based Buffer Overflow vulnerability in Ivanti Connect Secure A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution. | 8.8 |
| 2025-01-08 | CVE-2025-0282 | Out-of-bounds Write vulnerability in Ivanti products A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution. | 9.0 |
| 2025-01-08 | CVE-2025-0283 | Out-of-bounds Write vulnerability in Ivanti Connect Secure 7.1/7.4 A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges. | 7.0 |
| 2024-12-10 | CVE-2024-11633 | Argument Injection or Modification vulnerability in Ivanti Connect Secure Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution | 7.2 |
| 2024-12-10 | CVE-2024-11634 | Command Injection vulnerability in Ivanti Connect Secure 22.7/7.1/7.4 Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
| 2024-12-10 | CVE-2024-9844 | Unspecified vulnerability in Ivanti Connect Secure Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker to bypass restrictions. | 8.8 |
| 2024-11-12 | CVE-2024-11004 | Cross-site Scripting vulnerability in Ivanti Connect Secure 22.7/7.1/7.4 Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. | 6.1 |