Improper access control in the certificate management component of Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated admin with read-only rights to modify settings that should be restricted.
2025-07-08T15:15:31.103
2025-07-15T13:23:45.850
Analyzed
3c1d8aa1-5a33-4ea4-8992-aadd6440af75
CVSSv3.1: 6.3 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | ivanti | connect_secure | < 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | connect_secure | 22.7 | Yes |
| Application | ivanti | policy_secure | < 22.7 | Yes |
| Application | ivanti | policy_secure | 22.7 | Yes |
| Application | ivanti | policy_secure | 22.7 | Yes |
| Application | ivanti | policy_secure | 22.7 | Yes |
| Application | ivanti | policy_secure | 22.7 | Yes |
| Application | ivanti | policy_secure | 22.7 | Yes |
| Application | ivanti | policy_secure | 22.7 | Yes |