📦 Zero Trust Access Gateway
by Ivanti
🔍 What is Zero Trust Access Gateway?
Description coming soon...
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
A stack-based buffer overflow vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA Gateways allows remote unauthenticated attackers to execute arbitrary code on affected systems. This affect...
This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in multiple Ivanti security products that allows an unauthenticated remote attacker to trick authenticated users into performing se...
This vulnerability allows authenticated remote attackers to hijack existing HTML5 connections in Ivanti secure access products. It affects organizations using Ivanti Connect Secure, Policy Secure, ZTA...
This CVE describes a missing authorization vulnerability in Ivanti security products that allows authenticated users with read-only admin privileges to modify authentication settings. Attackers could ...
A heap-based buffer overflow vulnerability in Ivanti secure access products allows remote unauthenticated attackers to trigger denial of service. This affects Ivanti Connect Secure, Policy Secure, ZTA...
This XXE vulnerability in Ivanti's SAML implementation allows attackers to access restricted resources without authentication by processing malicious XML entities. It affects Ivanti Connect Secure, Iv...
This is a Cross-Site Request Forgery (CSRF) vulnerability affecting multiple Ivanti secure access products. It allows remote unauthenticated attackers to perform limited actions on behalf of authentic...
This CVE describes a missing authorization vulnerability in Ivanti secure access products that allows authenticated users with read-only admin privileges to modify restricted configuration settings. T...
This CVE describes a missing authorization vulnerability in Ivanti secure access products that allows authenticated users with read-only admin privileges to modify restricted configuration settings. A...
This reflected text injection vulnerability in Ivanti secure access products allows unauthenticated attackers to inject arbitrary text into HTTP responses. Attackers can craft malicious links that, wh...
This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in multiple Ivanti security products that allows authenticated administrators to enumerate internal services. Attackers with admin...
This vulnerability allows authenticated local attackers to read arbitrary files on disk through improper symbolic link handling in Ivanti secure access products. It affects Ivanti Connect Secure, Poli...