Ivanti Products Cross-Site Request Forgery Vulnerability

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in multiple Ivanti products, including Ivanti Connect Secure versions prior to 22.7R2.9 or 22.8R2, Ivanti Policy Secure versions prior to 22.7R1.6, Ivanti ZTA Gateway versions prior to 2.8R2.3-723, and Ivanti Neurons for Secure Access versions prior to 22.8R1.4. This vulnerability allows remote unauthenticated attackers to perform limited actions on behalf of the victim user. Exploitation requires user interaction.

Impact

Exploitation of this vulnerability allows remote unauthenticated attackers to execute limited actions on behalf of the victim user, potentially leading to unauthorized changes or actions within the application.

Remediation

Users of Ivanti Connect Secure should update to version 22.7R2.9 or 22.8R2. Users of Ivanti Policy Secure should update to version 22.7R1.5. For Ivanti ZTA Gateways, version 22.8R2.3-723 is available for download from the controller. Ivanti Neurons for Secure Access has already applied the fix in cloud environments.

Added: Sep 9, 2025, 4:18 PM
Updated: Sep 9, 2025, 4:33 PM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 0.6
exploitability: 6.5
remediation: 7.9
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.