Vulnerabilities > Ivanti > Connect Secure > 7.4

DATE CVE VULNERABILITY TITLE RISK
2022-12-05 CVE-2022-35254 Resource Exhaustion vulnerability in Ivanti Connect Secure and Policy Secure
An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.
network
low complexity
ivanti CWE-400
7.5
7.5
2022-12-05 CVE-2022-35258 Incorrect Calculation vulnerability in Ivanti Connect Secure and Policy Secure
An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.
network
low complexity
ivanti CWE-682
7.5
7.5
2019-05-08 CVE-2019-11508 Path Traversal vulnerability in multiple products
In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker (via the admin web interface) can exploit Directory Traversal to execute arbitrary code on the appliance.
network
low complexity
pulsesecure ivanti CWE-22
7.2
7.2