Primary

Context

Ivanti Connect Secure and Ivanti Policy Secure Improper Access Control Vulnerability in Certificate Management Component

Vulnerability

Patched

A vulnerability exists in the certificate management component of Ivanti Connect Secure (ICS) versions through 22.7R2.7 and Ivanti Policy Secure (IPS) versions through 22.7R1.4). This vulnerability allows a remote authenticated admin with read-only rights to modify settings that should be restricted, due to improper access control.

Impact

Exploitation of this vulnerability could lead to unauthorized modification of settings in the certificate management component, potentially allowing for misconfigurations or other administrative issues.

Remediation

Users can upgrade to Ivanti Connect Secure 22.7R2.8 or Ivanti Policy Secure 22.7R1.5. These versions are available on the Ivanti Download Portal.

Added: Jul 8, 2025, 5:32 PM

Updated: Jul 8, 2025, 5:32 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

0.6

exploitability

5.4

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

0.6

exploitability

5.4

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Ivanti Connect Secure and Ivanti Policy Secure Improper Access Control Vulnerability in Certificate Management Component

Vulnerability

Impact

Remediation

Affected Products

Ivanti Connect Secure

Ivanti Policy Secure

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating