Ivanti Connect Secure, Policy Secure, ZTA Gateway, and Neurons for Secure Access Missing Authorization Vulnerability

Vulnerability

A missing authorization vulnerability has been identified in multiple Ivanti products, including Ivanti Connect Secure (prior to 22.7R2.9 or 22.8R2), Ivanti Policy Secure (prior to 22.7R1.6), Ivanti ZTA Gateway (prior to 2.8R2.3-723), and Ivanti Neurons for Secure Access (prior to 22.8R1.4). This vulnerability allows remote authenticated attackers with read-only admin privileges to configure restricted settings. The issue has been addressed in the respective products' latest versions.

Impact

Exploitation of this vulnerability could lead to unauthorized configuration of restricted settings, potentially allowing for mismanagement of application or network policies.

Remediation

Users of Ivanti Connect Secure should update to version 22.7R2.9 or 22.8R2. Users of Ivanti Policy Secure should update to version 22.7R1.5. Version 22.8R2.3-723 is available for ZTA Gateways. For Ivanti Neurons for Secure Access, the fix has been applied to cloud environments as of August 2, 2025.
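The version check implied by this advisory, as an added example that is not Ivanti's or the advisory author's code: it flags inventory entries running a release older than the fixed one for their product. The thresholds are the "prior to" versions from the Vulnerability paragraph; the version-string layout, the helper names and the inventory entries are assumptions made for illustration.

```python
import re

ICS, IPS = "Ivanti Connect Secure", "Ivanti Policy Secure"
ZTA, NSA = "Ivanti ZTA Gateway", "Ivanti Neurons for Secure Access"

# First fixed release per product, copied from the "prior to" values above.
FIXED = {ICS: ["22.7R2.9", "22.8R2"], IPS: ["22.7R1.6"],
         ZTA: ["2.8R2.3-723"], NSA: ["22.8R1.4"]}

# Assumed layout: MAJOR.MINOR "R" RELEASE [.PATCH] [-BUILD]
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?(?:-(\d+))?$")

def parse_version(text):
    """Return (major, minor, release, patch, build); missing parts count as 0."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())

def is_affected(product, version):
    """True when `version` is older than the fixed release for its branch."""
    v = parse_version(version)
    fixed = [parse_version(f) for f in FIXED[product]]
    # Prefer the fixed release on the same MAJOR.MINOR branch (ICS has two).
    same_branch = [f for f in fixed if f[:2] == v[:2]]
    if same_branch:
        return v < same_branch[0]
    # No fix listed for this branch: affected only if older than every fix.
    return v < min(fixed)

def triage(inventory):
    """Map (host, product, version) rows to the hosts that need action."""
    findings = []
    for host, product, version in inventory:
        try:
            if is_affected(product, version):
                findings.append((host, "update required"))
        except (KeyError, ValueError):
            # Unknown product or unparseable version: do not assume it is safe.
            findings.append((host, "manual review"))
    return findings

# Constructed sample inventory (hostnames and versions are illustrative).
INVENTORY = [("vpn-a", ICS, "22.7R2.8"), ("vpn-b", ICS, "22.7R2.10"),
             ("vpn-c", ICS, "22.8R2"), ("nac-a", IPS, "22.7R1.4"),
             ("zta-a", ZTA, "2.8R2.3-700"), ("vpn-d", ICS, "unknown")]

if __name__ == "__main__":
    for host, status in triage(INVENTORY):
        print(f"{host}: {status}")
```

Comparing parsed integers rather than raw strings is what keeps 22.7R2.10 from sorting below 22.7R2.9.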

Added: Sep 9, 2025, 4:19 PM
Updated: Sep 9, 2025, 4:34 PM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 1.9
exploitability: 5.4
remediation: 7.9
relevance: 0.5
threat: 0.1
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.