Ivanti Connect Secure
cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*
- <= 22.7R2.8
A missing authorization vulnerability has been identified in multiple Ivanti products, including Ivanti Connect Secure (versions prior to 22.7R2.9 or 22.8R2), Ivanti Policy Secure (versions prior to 22.7R1.6), Ivanti ZTA Gateway (versions prior to 2.8R2.3-723) and Ivanti Neurons for Secure Access (versions prior to 22.8R1.4). This vulnerability allows remote authenticated attackers with read-only admin privileges to configure authentication-related settings.
Exploitation of this vulnerability could lead to unauthorized changes in authentication settings, potentially allowing for further exploitation or misconfiguration of the affected system.
Users of Ivanti Connect Secure should update to version 22.7R2.9 or 22.8R2. Users of Ivanti Policy Secure should update to version 22.7R1.5. Version 22.8R2.3-723 is available for ZTA Gateways. For Ivanti Neurons for Secure Access, the fix has been applied to cloud environments.