threat
engine
.sh
Back
·
··:··
Home
/
Product
/
ivanti policy secure
Product
ivanti policy secure
77 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2025-8712
< 22.7
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway
5.4
MEDIUM
CVE-2025-8711
< 22.7
CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-7
5.4
MEDIUM
CVE-2025-55148
< 22.7
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway
7.6
HIGH
CVE-2025-55147
< 22.7
CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-7
8.8
HIGH
CVE-2025-55146
< 22.7
An unchecked return value in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gat
4.9
MEDIUM
CVE-2025-55145
< 22.7
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway
8.9
HIGH
CVE-2025-55144
< 22.7
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway
5.4
MEDIUM
CVE-2025-55143
< 22.7
Reflected text injection in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gate
6.1
MEDIUM
CVE-2025-55142
< 22.7
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway
8.8
HIGH
CVE-2025-55141
< 22.7
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway
8.8
HIGH
CVE-2025-55139
< 22.7
SSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-7
6.8
MEDIUM
CVE-2025-5468
< 22.7
Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1
5.5
MEDIUM
CVE-2025-5466
< 22.7
XEE in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-7
4.9
MEDIUM
CVE-2025-5462
< 22.7
A heap-based buffer overflow in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA
7.5
HIGH
CVE-2025-5456
< 22.7
A buffer over-read vulnerability in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti
7.5
HIGH
CVE-2023-39339
< 22.6
A vulnerability exists on all versions of Ivanti Policy Secure below 22.6R1 where an authenticated administrator can perform an ar
4.9
MEDIUM
CVE-2025-0293
< 22.7
CLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote a
6.6
MEDIUM
CVE-2025-0292
< 22.7
SSRF in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticat
5.5
MEDIUM
CVE-2025-5463
< 22.7
Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure befor
5.5
MEDIUM
CVE-2025-5451
< 22.7
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 al
4.9
MEDIUM
CVE-2025-5450
< 22.7
Improper access control in the certificate management component of Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy
6.3
MEDIUM
CVE-2025-22457
< 22.7
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and
9.0
CRITICAL
CVE-2024-38657
< 22.7
External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3
4.9
MEDIUM
CVE-2024-13843
<= 22.7
Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3
6.0
MEDIUM
CVE-2024-13842
<= 22.7
A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local a
6.0
MEDIUM
CVE-2024-13830
< 22.7
Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote un
6.1
MEDIUM
CVE-2024-12058
< 22.7
External control of a file name in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3
6.8
MEDIUM
CVE-2024-10644
< 22.7
Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote a
9.1
CRITICAL
CVE-2025-0283
< 22.7
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and
7.0
HIGH
CVE-2025-0282
all versions
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and
9.0
CRITICAL
CVE-2024-37401
< 22.7
An out-of-bounds read in IPsec of Ivanti Connect Secure before version 22.7R2.1 allows a remote unauthenticated attacker to cause
7.5
HIGH
CVE-2024-37377
< 22.7
A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to
7.5
HIGH
CVE-2024-11634
< 22.7
Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remot
9.1
CRITICAL
CVE-2024-39712
< 22.7
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1
9.1
CRITICAL
CVE-2024-39711
< 22.7
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1
9.1
CRITICAL
CVE-2024-39710
< 22.7
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1
9.1
CRITICAL
CVE-2024-39709
>= 22.1 and < 22.7
Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure befor
7.8
HIGH
CVE-2024-38656
< 22.7
Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2
9.1
CRITICAL
CVE-2024-38655
< 22.7
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.1
7.2
HIGH
CVE-2024-11006
< 9.1
Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before versi
9.1
CRITICAL
CVE-2024-11005
< 9.1
Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before versi
9.1
CRITICAL
CVE-2024-11004
< 22.7
Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote un
6.1
MEDIUM
CVE-2024-9420
< 22.7
A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2
8.8
HIGH
CVE-2024-8495
< 22.7
A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allow
7.5
HIGH
CVE-2024-47909
< 22.7
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 al
4.9
MEDIUM
CVE-2024-47906
< 9.1
Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure be
7.8
HIGH
CVE-2024-47905
< 22.7
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 al
4.9
MEDIUM
CVE-2024-11007
< 22.7
Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before versi
9.1
CRITICAL
CVE-2024-37404
< 22.7
Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure befor
8.8
HIGH
CVE-2024-21894
all versions
A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthent
9.8
CRITICAL
CVE-2024-22053
all versions
A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x 22.x) and Ivanti Policy Secure allows an unauthent
8.2
HIGH
CVE-2024-22052
all versions
A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows a
7.5
HIGH
CVE-2024-22023
all versions
An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allow
5.3
MEDIUM
CVE-2024-22024
all versions
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x,
8.3
HIGH
CVE-2024-21893
all versions
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9
8.2
HIGH
CVE-2024-21888
all versions
A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) al
8.8
HIGH
CVE-2024-21887
all versions
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) all
9.1
CRITICAL
CVE-2023-46805
all versions
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attac
8.2
HIGH
CVE-2022-35258
< 9.1
An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior
7.5
HIGH
CVE-2022-35254
< 9.1
An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior
7.5
HIGH
CVE-2020-8262
all versions
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scriptin
6.1
MEDIUM
CVE-2020-8261
all versions
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.
4.3
MEDIUM
CVE-2020-15352
all versions
An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 a
7.2
HIGH
CVE-2020-8243
<= 9.0
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom t
7.2
HIGH
CVE-2020-8238
all versions
A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow atta
6.1
MEDIUM
CVE-2020-8222
all versions
A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker via the administrator
6.8
MEDIUM
CVE-2020-8221
all versions
A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 which allows an authenticated attacker to read arbitrary file
4.9
MEDIUM
CVE-2020-8220
all versions
A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command i
6.5
MEDIUM
CVE-2020-8219
all versions
An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to change the passwor
7.2
HIGH
CVE-2020-8218
all versions
A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitr
7.2
HIGH
CVE-2020-8217
all versions
A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed attackers to exploit in the URL used for Citrix
5.4
MEDIUM
CVE-2020-8216
all versions
An information disclosure vulnerability in meeting of Pulse Connect Secure <9.1R8 allowed an authenticated end-users to find meeti
4.3
MEDIUM
CVE-2020-8206
all versions
An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary creden
8.1
HIGH
CVE-2020-8204
all versions
A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure <9.1R5 on the PSAL Page.
6.1
MEDIUM
CVE-2020-12880
all versions
An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulatin
5.5
MEDIUM
CVE-2019-11509
all versions
In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pu
8.8
HIGH
CVE-2019-11539
all versions
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8
7.2
HIGH
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin