Ivanti Neurons For Zero-Trust Access vulnerabilities
5 known vulnerabilities affecting ivanti/neurons_for_zero-trust_access.
Total CVEs: 5
CISA KEV: 2 (actively exploited)
Public exploits: 3
Exploited in wild: 1
Severity breakdown: CRITICAL 1, HIGH 4
Vulnerabilities
CVE-2025-0282 [CRITICAL] CVSS 9.0 | CWE-121 | KEV | PoC | v22.7 | 2025-01-08
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
Source: NVD
CVE-2025-0283 [HIGH] CVSS 7.0 | CWE-121 | PoC | v22.2, v22.3 +4 more | 2025-01-08
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges.
Source: NVD
CVE-2024-21893 [HIGH] CVSS 8.2 | CWE-918 | KEV | PoC | v22.2, v22.3 +3 more | 2024-01-31
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.
Source: NVD
CVE-2022-35254 [HIGH] CVSS 7.5 | CWE-416 | v22.2 | 2022-12-05
An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.
Source: NVD
CVE-2022-35258 [HIGH] CVSS 7.5 | CWE-128 | v22.2 | 2022-12-05
An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.
Source: NVD