Ivanti Connect_secure
130 CVEs affecting Ivanti Connect_secure. Latest disclosed: 2025-09-09. Critical: 22, High: 59.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-22893 | Critical | 10.0 | 2021-04-23 | Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure… |
CVE-2019-11510 | Critical | 10.0 | 2019-05-08 | In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a speci… |
CVE-2016-4787 | Critical | 10.0 | 2016-05-26 | Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authe… |
CVE-2025-22467 | Critical | 9.9 | 2025-02-11 | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution. |
CVE-2024-21894 | Critical | 9.8 | 2024-04-04 | A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send… |
CVE-2018-20813 | Critical | 9.8 | 2019-06-28 | An input validation issue has been found with login_meeting.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2. |
CVE-2018-20810 | Critical | 9.8 | 2019-06-28 | Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and P… |
CVE-2019-11540 | Critical | 9.8 | 2019-04-26 | In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX befor… |
CVE-2018-6320 | Critical | 9.8 | 2018-09-06 | A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure… |
CVE-2024-10644 | Critical | 9.1 | 2025-02-11 | Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with ad… |
CVE-2024-11634 | Critical | 9.1 | 2024-12-10 | Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with… |
CVE-2024-11633 | Critical | 9.1 | 2024-12-10 | Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code executi… |
CVE-2024-39712 | Critical | 9.1 | 2024-11-13 | Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated… |
CVE-2024-39711 | Critical | 9.1 | 2024-11-13 | Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticate… |
CVE-2024-39710 | Critical | 9.1 | 2024-11-13 | Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated… |
CVE-2024-38656 | Critical | 9.1 | 2024-11-13 | Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated… |
CVE-2024-11006 | Critical | 9.1 | 2024-11-12 | Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable t… |
CVE-2024-11005 | Critical | 9.1 | 2024-11-12 | Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable t… |
CVE-2024-11007 | Critical | 9.1 | 2024-11-12 | Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable t… |
CVE-2024-21887 | Critical | 9.1 | 2024-01-12 | A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administ… |