vulnerability
Pulse Secure Pulse Connect Secure: Security Advisory Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), Ivanti Secure Access Client (ISAC) (Multiple CVEs)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:M/C:C/I:C/A:C) | Nov 11, 2024 | Nov 14, 2024 | Mar 26, 2026 |
Severity
8
CVSS
(AV:N/AC:L/Au:M/C:C/I:C/A:C)
Published
Nov 11, 2024
Added
Nov 14, 2024
Modified
Mar 26, 2026
Description
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Solutions
pulse-secure-pulse-connect-secure-upgrade-22_7r2_1pulse-secure-pulse-connect-secure-upgrade-9_1r18_7
References
- CVE-2024-39710
- https://attackerkb.com/topics/CVE-2024-39710
- https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs?language=en_US
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-38337
- CWE-88
- EUVD-EUVD-2024-38337
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.