Ivanti Connect Secure and Ivanti Policy Secure Sensitive Information Log Injection Vulnerability

Vulnerability

A vulnerability exists in Ivanti Connect Secure (ICS) versions prior to 22.7R2.8 and Ivanti Policy Secure (IPS) versions prior to 22.7R1.5, allowing local authenticated attackers to access sensitive information inadvertently logged by the application. This issue arises from the improper handling of confidential data, which is written to log files where it can be retrieved by unauthorized users.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information, which could be misused or disclosed inappropriately.

Remediation

Users can upgrade to Ivanti Connect Secure version 22.7R2.8 or Ivanti Policy Secure version 22.7R1.5 to address this vulnerability. These versions are available through the Ivanti Download Portal.

Added: Jul 8, 2025, 5:27 PM
Updated: Jul 8, 2025, 5:27 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 2.5
exploitability: 4.0
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.