CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2024-10644

CVSS 9.1v3.1pub. 2025-02-11upd. 2025-07-14

Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
  • Ivanti Connect Secure

    APP
    Ivanti
    22.7< 22.7
  • Ivanti Policy Secure

    APP
    Ivanti
    22.7< 22.7
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2025-22457CRITICAL9.0⚠ KEVPL ✓ten sam produkt

Stack-based buffer overflow w Ivanti Connect Secure, Policy Secure i ZTA Gateways umożliwiający RCE

CVE-2025-0282CRITICAL9.0⚠ KEVPL ✓ten sam produkt

Stack-based buffer overflow RCE w Ivanti Connect Secure, Policy Secure i Neurons for ZTA

CVE-2024-21887CRITICAL9.1⚠ KEVPL ✓ten sam produkt

Command injection w Ivanti Connect Secure i Policy Secure — RCE jako administrator

CVE-2021-22893CRITICAL10.0⚠ KEVten sam produkt

Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by...

CVE-2019-11510CRITICAL10.0⚠ KEVten sam produkt

In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an...