Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.
2025-02-11T16:15:39.363
2025-02-13T17:09:11.660
Analyzed
3c1d8aa1-5a33-4ea4-8992-aadd6440af75
CVSSv3.1: 6.1 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | ivanti | connect_secure | < 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | policy_secure | < 22.7 | Yes |
| Application | ivanti | policy_secure | 22.7 | Yes |
| Application | ivanti | policy_secure | 22.7 | Yes |
| Application | ivanti | policy_secure | 22.7 | Yes |
| Application | ivanti | policy_secure | 22.7 | Yes |