Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Ivanti Subscribe
Filtered by product Connect Secure
Total 78 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-22933 2 Ivanti, Pulsesecure 2 Connect Secure, Pulse Connect Secure 2024-02-27 5.5 MEDIUM 6.5 MEDIUM
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request.
CVE-2020-8206 2 Ivanti, Pulsesecure 4 Connect Secure, Policy Secure, Pulse Connect Secure and 1 more 2024-02-27 6.8 MEDIUM 8.1 HIGH
An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary credentials to bypass the Google TOTP.
CVE-2018-14366 2 Ivanti, Pulsesecure 3 Connect Secure, Pulse Connect Secure, Pulse Policy Secure 2024-02-27 5.8 MEDIUM 6.1 MEDIUM
download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerability.
CVE-2018-20810 2 Ivanti, Pulsesecure 2 Connect Secure, Pulse Policy Secure 2024-02-27 7.5 HIGH 9.8 CRITICAL
Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices.
CVE-2021-22894 2 Ivanti, Pulsesecure 2 Connect Secure, Pulse Connect Secure 2024-02-27 9.0 HIGH 8.8 HIGH
A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room.
CVE-2020-8217 2 Ivanti, Pulsesecure 4 Connect Secure, Policy Secure, Pulse Connect Secure and 1 more 2024-02-27 3.5 LOW 5.4 MEDIUM
A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed attackers to exploit in the URL used for Citrix ICA.
CVE-2020-8238 2 Ivanti, Pulsesecure 4 Connect Secure, Policy Secure, Pulse Connect Secure and 1 more 2024-02-27 4.3 MEDIUM 6.1 MEDIUM
A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow attackers to conduct Cross-Site Scripting (XSS).
CVE-2019-11543 2 Ivanti, Pulsesecure 3 Connect Secure, Pulse Connect Secure, Pulse Policy Secure 2024-02-27 4.3 MEDIUM 6.1 MEDIUM
XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1.
CVE-2019-11538 1 Ivanti 1 Connect Secure 2024-02-27 4.0 MEDIUM 7.7 HIGH
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1, an NFS problem could allow an authenticated attacker to access the contents of arbitrary files on the affected device.
CVE-2019-11539 2 Ivanti, Pulsesecure 3 Connect Secure, Pulse Connect Secure, Pulse Policy Secure 2024-02-27 6.5 MEDIUM 7.2 HIGH
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands.
CVE-2019-11541 2 Ivanti, Pulsesecure 2 Connect Secure, Pulse Connect Secure 2024-02-27 5.0 MEDIUM 7.5 HIGH
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.2RX before 8.2R12.1, users using SAML authentication with the Reuse Existing NC (Pulse) Session option may see authentication leaks.
CVE-2021-22893 1 Ivanti 1 Connect Secure 2024-02-27 7.5 HIGH 10.0 CRITICAL
Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.
CVE-2020-12880 2 Ivanti, Pulsesecure 4 Connect Secure, Policy Secure, Pulse Connect Secure and 1 more 2024-02-27 2.1 LOW 5.5 MEDIUM
An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available and can be retrieved. (The source code is otherwise inaccessible because the appliance has its hard disks encrypted, and no root shell is available during normal operation.)
CVE-2021-22935 2 Ivanti, Pulsesecure 2 Connect Secure, Pulse Connect Secure 2024-02-27 6.5 MEDIUM 7.2 HIGH
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter.
CVE-2019-11540 2 Ivanti, Pulsesecure 3 Connect Secure, Pulse Connect Secure, Pulse Policy Secure 2024-02-27 7.5 HIGH 9.8 CRITICAL
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote attacker can conduct a session hijacking attack.
CVE-2021-22936 2 Ivanti, Pulsesecure 2 Connect Secure, Pulse Connect Secure 2024-02-27 4.3 MEDIUM 6.1 MEDIUM
A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter.
CVE-2024-22024 1 Ivanti 3 Connect Secure, Policy Secure, Zero Trust Access 2024-02-13 N/A 8.3 HIGH
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.
CVE-2024-21888 1 Ivanti 2 Connect Secure, Policy Secure 2024-02-05 N/A 8.8 HIGH
A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator.