Ivanti Connect Secure
Easy fix3 remedies
cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*
Easy fix3 remedies
- <= 22.7R2.8
Ivanti Products Missing Authorization Vulnerability Allowing HTML5 Connection Hijacking
Vulnerability
Patched
A missing authorization vulnerability has been identified in multiple Ivanti products, including Ivanti Connect Secure (versions prior to 22.7R2.9 or 22.8R2), Ivanti Policy Secure (versions prior to 22.7R1.6), Ivanti ZTA Gateway (versions prior to 2.8R2.3-723), and Ivanti Neurons for Secure Access (versions prior to 22.8R1.4). This vulnerability allows remote authenticated attackers to hijack existing HTML5 connections.
Impact
Exploitation of this vulnerability allows for the hijacking of active HTML5 connections, potentially leading to unauthorized access or manipulation of data within those sessions.
Remediation
Users of Ivanti Connect Secure should update to version 22.7R2.9 or 22.8R2. Users of Ivanti Policy Secure should update to version 22.7R1.5. For Ivanti ZTA Gateways, version 22.8R2.3-723 is available for download from the controller. Ivanti Neurons for Secure Access has already applied the fix in cloud environments as of August 2, 2025.
Added: Sep 9, 2025, 4:21 PM
Updated: Sep 9, 2025, 4:36 PM
Vulnerability Rating
Custom Algorithm
spread
3.4impact
1.3exploitability
5.4remediation
7.9relevance
0.5threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.