Ivanti Products Missing Authorization Vulnerability Allowing Configuration of Restricted Settings

Vulnerability

A vulnerability exists in multiple Ivanti products, including Ivanti Connect Secure (versions prior to 22.7R2.9 or 22.8R2), Ivanti Policy Secure (versions prior to 22.7R1.6), Ivanti ZTA Gateway (versions prior to 22.8R2.3-723), and Ivanti Neurons for Secure Access (versions prior to 22.8R1.4). This vulnerability stems from missing authorization, which allows remote authenticated attackers with read-only admin privileges to configure restricted settings.

Impact

Exploitation of this vulnerability could lead to unauthorized configuration changes in restricted settings, potentially allowing for further exploitation or misuse of the affected application.

Remediation

Users can update to Ivanti Connect Secure version 22.7R2.9 or 22.8R2, Ivanti Policy Secure version 22.7R1.6, Ivanti ZTA Gateway version 22.8R2.3-723, or Ivanti Neurons for Secure Access version 22.8R1.4 to address this vulnerability.

Added: Sep 9, 2025, 4:18 PM
Updated: Sep 9, 2025, 4:32 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 2.5
exploitability: 5.4
remediation: 7.7
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.