📦

policy_secure

Vendor: ivanti

Login to add this product to WatchStack
Actively Exploited 8 CISA KEV List
PoC / Exploits 8 Code Available
Total RCEs 21 Remote Access
Total CVEs 107 Total Indexed
Avg. EPSS 15.51% Exploit Prob.
Latest CVE CVE-2025-8712 Sep 09

Security Vulnerability Index

Page 5 / 11
9.1 CVSS
CVE-2024-11005
RCE

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.

EPSS: 22.17%
6.1 CVSS
CVE-2024-11004

Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.

EPSS: 0.37%
8.8 CVSS
CVE-2024-9420
RCE

A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution

EPSS: 18.64%
7.5 CVSS
CVE-2024-8495

A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service.

EPSS: 5.08%
4.9 CVSS
CVE-2024-47909
RCE

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.

EPSS: 1.62%
7.8 CVSS
CVE-2024-47906

Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges.

EPSS: 0.37%
4.9 CVSS
CVE-2024-47905
RCE

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.

EPSS: 1.62%
9.1 CVSS
CVE-2024-11007
RCE

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.

EPSS: 22.17%
8.8 CVSS
CVE-2024-37404
RCE

Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote code execution.

EPSS: 84.35%
9.8 CVSS
CVE-2024-21894

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In certain conditions this may lead to execution of arbitrary code

EPSS: 7.94%