📦 Policy Secure
by Ivanti
🔍 What is Policy Secure?
Description coming soon...
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
A stack-based buffer overflow vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA Gateways allows remote unauthenticated attackers to execute arbitrary code on affected systems. This affect...
This vulnerability allows remote authenticated administrators to inject malicious code into Ivanti Connect Secure and Policy Secure systems, leading to remote code execution. Organizations using affec...
A stack-based buffer overflow vulnerability in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways allows remote unauthenticated attackers to execute arbitrary code. This affects organi...
This vulnerability allows authenticated administrators to inject malicious arguments into Ivanti Connect Secure and Policy Secure systems, leading to remote code execution. Attackers with admin creden...
This vulnerability allows authenticated administrators to inject malicious arguments into Ivanti Connect Secure and Policy Secure systems, leading to remote code execution. Attackers with admin privil...
This vulnerability allows remote authenticated attackers with admin privileges to execute arbitrary code on Ivanti Connect Secure and Policy Secure gateways through argument injection. Attackers can a...
This CVE describes a command injection vulnerability in Ivanti Connect Secure and Policy Secure that allows authenticated administrators to execute arbitrary commands on the underlying system. Attacke...
This CVE describes a command injection vulnerability in Ivanti Connect Secure and Ivanti Policy Secure that allows authenticated administrators to execute arbitrary commands on the underlying system. ...
A heap overflow vulnerability in the IPSec component of Ivanti Connect Secure and Policy Secure gateways allows unauthenticated attackers to send specially crafted requests to crash the service, causi...
This is a command injection vulnerability in Ivanti Connect Secure and Policy Secure gateways that allows authenticated administrators to execute arbitrary commands on the appliance. Attackers can cha...
This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in multiple Ivanti security products that allows an unauthenticated remote attacker to trick authenticated users into performing se...
This vulnerability allows authenticated remote attackers to hijack existing HTML5 connections in Ivanti secure access products. It affects organizations using Ivanti Connect Secure, Policy Secure, ZTA...
This CVE describes a missing authorization vulnerability in Ivanti security products that allows authenticated users with read-only admin privileges to modify authentication settings. Attackers could ...
A heap-based buffer overflow vulnerability in Ivanti secure access products allows remote unauthenticated attackers to trigger denial of service. This affects Ivanti Connect Secure, Policy Secure, ZTA...
An out-of-bounds read vulnerability in the IPsec implementation of Ivanti Connect Secure allows remote unauthenticated attackers to cause denial of service by crashing the service. This affects all Iv...
This vulnerability allows remote authenticated attackers with admin privileges to execute arbitrary code on Ivanti Connect Secure and Policy Secure gateways through argument injection. Organizations u...
A use-after-free vulnerability in Ivanti Connect Secure and Policy Secure allows authenticated remote attackers to execute arbitrary code on affected systems. This affects organizations using vulnerab...
This vulnerability allows local authenticated attackers to escalate privileges on Ivanti Connect Secure and Policy Secure appliances. Attackers with existing local access can gain higher privileges th...
A null pointer dereference vulnerability in the IPSec component of Ivanti Connect Secure and Policy Secure gateways allows unauthenticated attackers to send specially crafted requests that crash the s...
This XXE vulnerability in Ivanti's SAML implementation allows attackers to access restricted resources without authentication by processing malicious XML entities. It affects Ivanti Connect Secure, Iv...
This vulnerability allows authenticated users of Ivanti Connect Secure and Ivanti Policy Secure to escalate their privileges to administrator level. It affects all users of these products with standar...
This is a Cross-Site Request Forgery (CSRF) vulnerability affecting multiple Ivanti secure access products. It allows remote unauthenticated attackers to perform limited actions on behalf of authentic...
This CVE describes a missing authorization vulnerability in Ivanti secure access products that allows authenticated users with read-only admin privileges to modify restricted configuration settings. T...
This CVE describes a missing authorization vulnerability in Ivanti secure access products that allows authenticated users with read-only admin privileges to modify restricted configuration settings. A...
This reflected text injection vulnerability in Ivanti secure access products allows unauthenticated attackers to inject arbitrary text into HTTP responses. Attackers can craft malicious links that, wh...
This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in multiple Ivanti security products that allows authenticated administrators to enumerate internal services. Attackers with admin...
This vulnerability allows authenticated local attackers to read arbitrary files on disk through improper symbolic link handling in Ivanti secure access products. It affects Ivanti Connect Secure, Poli...
This vulnerability allows authenticated administrators on Ivanti Policy Secure to read arbitrary files through specially crafted web requests. It affects all versions below 22.6R1, potentially exposin...
This SSRF vulnerability in Ivanti Connect Secure and Policy Secure allows authenticated administrators to make requests to internal network services from the vulnerable appliance. Attackers with admin...
This vulnerability allows local authenticated attackers to access sensitive information that was improperly logged in Ivanti Connect Secure and Policy Secure systems. Attackers with valid local creden...
This vulnerability allows authenticated administrators with read-only permissions to modify restricted settings in Ivanti Connect Secure and Ivanti Policy Secure. Attackers with compromised admin cred...
This vulnerability allows remote authenticated attackers with admin privileges to write arbitrary files by controlling file names in Ivanti Connect Secure and Policy Secure. Attackers could potentiall...
This reflected cross-site scripting (XSS) vulnerability in Ivanti Connect Secure and Policy Secure allows remote unauthenticated attackers to execute malicious scripts in victims' browsers. When explo...
This vulnerability allows local authenticated administrators on Ivanti Connect Secure and Policy Secure systems to read sensitive data stored in cleartext. It affects organizations using these Ivanti ...
This vulnerability allows remote authenticated attackers with admin privileges to read arbitrary files on Ivanti Connect Secure and Policy Secure appliances. Attackers can exploit external control of ...
A stack-based buffer overflow vulnerability in Ivanti Connect Secure and Policy Secure allows remote authenticated administrators to cause denial of service. This affects organizations using these pro...