Filtered by vendor Ivanti
Subscriptions
Filtered by product Connect Secure
Subscriptions
Total
74 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-35258 | 1 Ivanti | 3 Connect Secure, Neurons For Zero-trust Access, Policy Secure | 2024-02-27 | 7.5 High |
An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1. | ||||
CVE-2021-22935 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2024-02-27 | 7.2 High |
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter. | ||||
CVE-2016-4787 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2024-02-27 | N/A |
Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authentication files in an unspecified directory via unknown vectors. | ||||
CVE-2016-4788 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2024-02-27 | N/A |
Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read an unspecified system file via unknown vectors. | ||||
CVE-2016-4789 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2024-02-27 | N/A |
Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2016-4790 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2024-02-27 | N/A |
Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2016-4791 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2024-02-27 | N/A |
The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via unspecified vectors. | ||||
CVE-2016-4792 | 1 Ivanti | 1 Connect Secure | 2024-02-27 | N/A |
Pulse Connect Secure (PCS) 8.2 before 8.2r1 allows remote attackers to disclose sign in pages via unspecified vectors. | ||||
CVE-2017-11455 | 2 Ivanti, Pulsesecure | 3 Connect Secure, Pulse Connect Secure, Pulse Policy Secure | 2024-02-27 | N/A |
diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CSRF tokens. | ||||
CVE-2018-14366 | 2 Ivanti, Pulsesecure | 3 Connect Secure, Pulse Connect Secure, Pulse Policy Secure | 2024-02-27 | N/A |
download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerability. | ||||
CVE-2018-20811 | 1 Ivanti | 1 Connect Secure | 2024-02-27 | N/A |
A hidden RPC service issue was found with Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2 and 8.1RX before 8.1R12. | ||||
CVE-2018-20807 | 1 Ivanti | 1 Connect Secure | 2024-02-27 | N/A |
An XSS issue has been found in welcome.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1.x before 8.1R12, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 due to one of the URL parameters not being sanitized properly. | ||||
CVE-2024-22024 | 1 Ivanti | 3 Connect Secure, Policy Secure, Zero Trust Access | 2024-02-13 | 8.3 High |
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication. | ||||
CVE-2024-21888 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-01-31 | 8.8 High |
A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator. |