Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.
2025-02-11T16:15:39.667
2025-02-20T15:55:03.547
Analyzed
3c1d8aa1-5a33-4ea4-8992-aadd6440af75
CVSSv3.1: 6.0 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | ivanti | connect_secure | ≤ 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | policy_secure | ≤ 22.7 | Yes |
| Application | ivanti | policy_secure | 22.7 | Yes |
| Application | ivanti | policy_secure | 22.7 | Yes |
| Application | ivanti | policy_secure | 22.7 | Yes |