cvebase

Ivanti Connect Secure vulnerabilities

130 known vulnerabilities affecting ivanti/connect_secure.

Total CVEs: 130
CISA KEV: 14 (actively exploited)
Public exploits: 14
Exploited in wild: 19
Severity breakdown: CRITICAL 15, HIGH 67, MEDIUM 46, LOW 2

Vulnerabilities

Page 7 of 7
CVE-2020-8261 | P4 | MEDIUM | CVSS 4.3 | v9.1 | 2020-10-28
CVE-2020-8261 [MEDIUM] CWE-120: Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.
nvd
CVE-2016-4790 | P4 | MEDIUM | CVSS 5.5 | v8.1, v8.0, +1 more | 2016-05-26
CVE-2016-4790 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2025-5464 | P4 | MEDIUM | CVSS 5.5 | fixed in 22.7 | v22.7 | 2025-07-08
CVE-2025-5464 [MEDIUM] CWE-532: Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 allows a local authenticated attacker to obtain that information.
nvd
CVE-2025-5463 | P4 | MEDIUM | CVSS 5.5 | fixed in 22.7 | v22.7 | 2025-07-08
CVE-2025-5463 [MEDIUM] CWE-532: Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a local authenticated attacker to obtain that information.
nvd
CVE-2018-14366 | P4 | MEDIUM | CVSS 6.1 | v8.1, v8.3 | 2018-09-06
CVE-2018-14366 [MEDIUM] CWE-601: download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerability.
nvd
CVE-2020-8216 | P4 | MEDIUM | CVSS 4.3 | v9.1 | 2020-07-30
CVE-2020-8216 [MEDIUM] CWE-200: An information disclosure vulnerability in meeting of Pulse Connect Secure <9.1R8 allowed authenticated end users to find meeting details if they know the Meeting ID.
nvd
CVE-2024-13842 | P4 | MEDIUM | CVSS 4.4 | ≤ 22.7 | v22.7 | 2025-02-11
CVE-2024-13842 [MEDIUM] CWE-321: A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.
nvd
CVE-2024-13843 | P4 | MEDIUM | CVSS 4.4 | ≤ 22.7 | v22.7 | 2025-02-11
CVE-2024-13843 [MEDIUM] CWE-312: Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.
nvd
CVE-2025-0293 | P4 | LOW | CVSS 2.7 | fixed in 22.7 | v22.7 | 2025-07-08
CVE-2025-0293 [LOW] CWE-93: CRLF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk.
nvd
CVE-2025-5450 | P4 | LOW | CVSS 2.7 | fixed in 22.7 | v22.7 | 2025-07-08
CVE-2025-5450 [LOW] CWE-602: Improper access control in the certificate management component of Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated admin with read-only rights to modify settings that should be restricted.
nvd