Ivanti Connect Secure 22.7 R2.5

CPE Details

Ivanti Connect Secure 22.7 R2.5
ivanti
connect_secure
22.7
2025-02-20
12h42 +00:00
2025-02-20
12h42 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:ivanti:connect_secure:22.7:r2.5:*:*:*:*:*:*

Informations

Vendor

ivanti

Product

connect_secure

Version

22.7

Update

r2.5

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2025-22457 2025-04-03 15h20 +00:00 A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.
9.8
Critique
CVE-2024-13843 2025-02-11 15h26 +00:00 Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.
6
Moyen
CVE-2024-13842 2025-02-11 15h25 +00:00 A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.
6
Moyen
CVE-2024-13830 2025-02-11 15h22 +00:00 Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.
6.1
Moyen
CVE-2025-22467 2025-02-11 15h20 +00:00 A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution.
9.9
Critique
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.