Ivanti Policy Secure
52 CVEs affecting Ivanti Policy Secure. Latest disclosed: 2025-09-09. Critical: 14, High: 15.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-38657 | Critical | 9.1 | 2025-02-21 | External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated… |
CVE-2024-10644 | Critical | 9.1 | 2025-02-11 | Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with ad… |
CVE-2024-11634 | Critical | 9.1 | 2024-12-10 | Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with… |
CVE-2024-38655 | Critical | 9.1 | 2024-11-13 | Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.1 and 9.1R18.9 allows a remote… |
CVE-2024-39712 | Critical | 9.1 | 2024-11-13 | Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated… |
CVE-2024-39711 | Critical | 9.1 | 2024-11-13 | Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticate… |
CVE-2024-38656 | Critical | 9.1 | 2024-11-13 | Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated… |
CVE-2024-39710 | Critical | 9.1 | 2024-11-13 | Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated… |
CVE-2024-11005 | Critical | 9.1 | 2024-11-12 | Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable t… |
CVE-2024-11006 | Critical | 9.1 | 2024-11-12 | Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable t… |
CVE-2024-11007 | Critical | 9.1 | 2024-11-12 | Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable t… |
CVE-2024-37404 | Critical | 9.1 | 2024-10-18 | Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote au… |
CVE-2025-22457 | Critical | 9.0 | 2025-04-03 | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before ve… |
CVE-2025-0282 | Critical | 9.0 | 2025-01-08 | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gatewa… |
CVE-2025-55145 | High | 8.9 | 2025-09-09 | Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivan… |
CVE-2025-55142 | High | 8.8 | 2025-09-09 | Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivant… |
CVE-2025-55141 | High | 8.8 | 2025-09-09 | Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivant… |
CVE-2025-55147 | High | 8.8 | 2025-09-09 | CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Sec… |
CVE-2024-21894 | High | 8.2 | 2024-04-04 | A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send… |
CVE-2024-22053 | High | 8.2 | 2024-04-04 | A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send… |