A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack or in certain conditions read contents from memory.
2024-04-04T20:15:08.500
2024-11-21T08:55:28.270
Modified
CVSSv3.1: 8.2 (HIGH)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 22.1 | Yes |
| Application | ivanti | connect_secure | 22.2 | Yes |
| Application | ivanti | connect_secure | 22.3 | Yes |
| Application | ivanti | connect_secure | 22.4 | Yes |
| Application | ivanti | connect_secure | 22.5 | Yes |
| Application | ivanti | connect_secure | 22.6 | Yes |
| Application | ivanti | policy_secure | 9.0 | Yes |
| Application | ivanti | policy_secure | 9.0 | Yes |
| Application | ivanti | policy_secure | 9.0 | Yes |
| Application | ivanti | policy_secure | 9.0 | Yes |
| Application | ivanti | policy_secure | 9.0 | Yes |
| Application | ivanti | policy_secure | 9.0 | Yes |
| Application | ivanti | policy_secure | 9.0 | Yes |
| Application | ivanti | policy_secure | 9.1 | Yes |
| Application | ivanti | policy_secure | 9.1 | Yes |
| Application | ivanti | policy_secure | 9.1 | Yes |
| Application | ivanti | policy_secure | 9.1 | Yes |
| Application | ivanti | policy_secure | 9.1 | Yes |
| Application | ivanti | policy_secure | 9.1 | Yes |
| Application | ivanti | policy_secure | 9.1 | Yes |
| Application | ivanti | policy_secure | 9.1 | Yes |
| Application | ivanti | policy_secure | 9.1 | Yes |
| Application | ivanti | policy_secure | 9.1 | Yes |
| Application | ivanti | policy_secure | 9.1 | Yes |
| Application | ivanti | policy_secure | 9.1 | Yes |
| Application | ivanti | policy_secure | 9.1 | Yes |
| Application | ivanti | policy_secure | 9.1 | Yes |
| Application | ivanti | policy_secure | 9.1 | Yes |
| Application | ivanti | policy_secure | 9.1 | Yes |
| Application | ivanti | policy_secure | 9.1 | Yes |
| Application | ivanti | policy_secure | 9.1 | Yes |
| Application | ivanti | policy_secure | 9.1 | Yes |
| Application | ivanti | policy_secure | 22.1 | Yes |
| Application | ivanti | policy_secure | 22.2 | Yes |
| Application | ivanti | policy_secure | 22.3 | Yes |
| Application | ivanti | policy_secure | 22.4 | Yes |
| Application | ivanti | policy_secure | 22.5 | Yes |
| Application | ivanti | policy_secure | 22.6 | Yes |