Ivanti Connect Secure
cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*
- Affected versions: <= 22.7R2.8
A missing authorization vulnerability has been identified in multiple Ivanti products, including Connect Secure, Policy Secure, ZTA Gateway, and Neurons for Secure Access, all prior to their respective patched versions. This vulnerability allows remote authenticated attackers with read-only admin privileges to configure restricted settings. The issue arises from inadequate authorization checks, enabling attackers to manipulate certain configurations despite their limited access rights.
Exploitation of this vulnerability could lead to unauthorized changes in configuration settings, potentially allowing attackers to modify aspects of the application or service that should be restricted.
Users of Ivanti Connect Secure should update to version 22.7R2.9 or 22.8R2. Version 22.8R2.3-723 is available for ZTA Gateways. For Ivanti Neurons for Secure Access, the fix has been applied to cloud environments. Ivanti Policy Secure users should update to version 22.7R1.5.