An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Connect_secure | Ivanti | 9.0 (including) | 9.0 (including) |
| Connect_secure | Ivanti | 9.1-r1 (including) | 9.1-r1 (including) |
| Connect_secure | Ivanti | 9.1-r10 (including) | 9.1-r10 (including) |
| Connect_secure | Ivanti | 9.1-r11 (including) | 9.1-r11 (including) |
| Connect_secure | Ivanti | 9.1-r11.3 (including) | 9.1-r11.3 (including) |
| Connect_secure | Ivanti | 9.1-r11.4 (including) | 9.1-r11.4 (including) |
| Connect_secure | Ivanti | 9.1-r11.5 (including) | 9.1-r11.5 (including) |
| Connect_secure | Ivanti | 9.1-r12 (including) | 9.1-r12 (including) |
| Connect_secure | Ivanti | 9.1-r12.1 (including) | 9.1-r12.1 (including) |
| Connect_secure | Ivanti | 9.1-r13 (including) | 9.1-r13 (including) |
| Connect_secure | Ivanti | 9.1-r13.1 (including) | 9.1-r13.1 (including) |
| Connect_secure | Ivanti | 9.1-r14 (including) | 9.1-r14 (including) |
| Connect_secure | Ivanti | 9.1-r15 (including) | 9.1-r15 (including) |
| Connect_secure | Ivanti | 9.1-r15.2 (including) | 9.1-r15.2 (including) |
| Connect_secure | Ivanti | 9.1-r16 (including) | 9.1-r16 (including) |
| Connect_secure | Ivanti | 9.1-r16.1 (including) | 9.1-r16.1 (including) |
| Connect_secure | Ivanti | 9.1-r17 (including) | 9.1-r17 (including) |
| Connect_secure | Ivanti | 9.1-r17.1 (including) | 9.1-r17.1 (including) |
| Connect_secure | Ivanti | 9.1-r18 (including) | 9.1-r18 (including) |
| Connect_secure | Ivanti | 9.1-r2 (including) | 9.1-r2 (including) |
| Connect_secure | Ivanti | 9.1-r3 (including) | 9.1-r3 (including) |
| Connect_secure | Ivanti | 9.1-r4 (including) | 9.1-r4 (including) |
| Connect_secure | Ivanti | 9.1-r4.1 (including) | 9.1-r4.1 (including) |
| Connect_secure | Ivanti | 9.1-r4.2 (including) | 9.1-r4.2 (including) |
| Connect_secure | Ivanti | 9.1-r4.3 (including) | 9.1-r4.3 (including) |
| Connect_secure | Ivanti | 9.1-r5 (including) | 9.1-r5 (including) |
| Connect_secure | Ivanti | 9.1-r6 (including) | 9.1-r6 (including) |
| Connect_secure | Ivanti | 9.1-r7 (including) | 9.1-r7 (including) |
| Connect_secure | Ivanti | 9.1-r8 (including) | 9.1-r8 (including) |
| Connect_secure | Ivanti | 9.1-r8.1 (including) | 9.1-r8.1 (including) |
| Connect_secure | Ivanti | 9.1-r8.2 (including) | 9.1-r8.2 (including) |
| Connect_secure | Ivanti | 9.1-r9 (including) | 9.1-r9 (including) |
| Connect_secure | Ivanti | 9.1-r9.1 (including) | 9.1-r9.1 (including) |
| Connect_secure | Ivanti | 22.1-r1 (including) | 22.1-r1 (including) |
| Connect_secure | Ivanti | 22.1-r6 (including) | 22.1-r6 (including) |
| Connect_secure | Ivanti | 22.2 (including) | 22.2 (including) |
| Connect_secure | Ivanti | 22.2-r1 (including) | 22.2-r1 (including) |
| Connect_secure | Ivanti | 22.3-r1 (including) | 22.3-r1 (including) |
| Connect_secure | Ivanti | 22.4-r1 (including) | 22.4-r1 (including) |
| Connect_secure | Ivanti | 22.4-r2.1 (including) | 22.4-r2.1 (including) |
| Connect_secure | Ivanti | 22.5-r2.1 (including) | 22.5-r2.1 (including) |
| Connect_secure | Ivanti | 22.6 (including) | 22.6 (including) |
| Connect_secure | Ivanti | 22.6-r1 (including) | 22.6-r1 (including) |
| Connect_secure | Ivanti | 22.6-r2 (including) | 22.6-r2 (including) |
| Policy_secure | Ivanti | 9.0 (including) | 9.0 (including) |
| Policy_secure | Ivanti | 9.1-r1 (including) | 9.1-r1 (including) |
| Policy_secure | Ivanti | 9.1-r10 (including) | 9.1-r10 (including) |
| Policy_secure | Ivanti | 9.1-r11 (including) | 9.1-r11 (including) |
| Policy_secure | Ivanti | 9.1-r12 (including) | 9.1-r12 (including) |
| Policy_secure | Ivanti | 9.1-r13 (including) | 9.1-r13 (including) |
| Policy_secure | Ivanti | 9.1-r13.1 (including) | 9.1-r13.1 (including) |
| Policy_secure | Ivanti | 9.1-r14 (including) | 9.1-r14 (including) |
| Policy_secure | Ivanti | 9.1-r15 (including) | 9.1-r15 (including) |
| Policy_secure | Ivanti | 9.1-r16 (including) | 9.1-r16 (including) |
| Policy_secure | Ivanti | 9.1-r17 (including) | 9.1-r17 (including) |
| Policy_secure | Ivanti | 9.1-r18 (including) | 9.1-r18 (including) |
| Policy_secure | Ivanti | 9.1-r2 (including) | 9.1-r2 (including) |
| Policy_secure | Ivanti | 9.1-r3 (including) | 9.1-r3 (including) |
| Policy_secure | Ivanti | 9.1-r3.1 (including) | 9.1-r3.1 (including) |
| Policy_secure | Ivanti | 9.1-r4 (including) | 9.1-r4 (including) |
| Policy_secure | Ivanti | 9.1-r4.1 (including) | 9.1-r4.1 (including) |
| Policy_secure | Ivanti | 9.1-r4.2 (including) | 9.1-r4.2 (including) |
| Policy_secure | Ivanti | 9.1-r5 (including) | 9.1-r5 (including) |
| Policy_secure | Ivanti | 9.1-r6 (including) | 9.1-r6 (including) |
| Policy_secure | Ivanti | 9.1-r7 (including) | 9.1-r7 (including) |
| Policy_secure | Ivanti | 9.1-r8 (including) | 9.1-r8 (including) |
| Policy_secure | Ivanti | 9.1-r8.1 (including) | 9.1-r8.1 (including) |
| Policy_secure | Ivanti | 9.1-r8.2 (including) | 9.1-r8.2 (including) |
| Policy_secure | Ivanti | 9.1-r9 (including) | 9.1-r9 (including) |
| Policy_secure | Ivanti | 22.1-r1 (including) | 22.1-r1 (including) |
| Policy_secure | Ivanti | 22.1-r6 (including) | 22.1-r6 (including) |
| Policy_secure | Ivanti | 22.2-r1 (including) | 22.2-r1 (including) |
| Policy_secure | Ivanti | 22.2-r3 (including) | 22.2-r3 (including) |
| Policy_secure | Ivanti | 22.3-r1 (including) | 22.3-r1 (including) |
| Policy_secure | Ivanti | 22.3-r3 (including) | 22.3-r3 (including) |
| Policy_secure | Ivanti | 22.4-r1 (including) | 22.4-r1 (including) |
| Policy_secure | Ivanti | 22.4-r2 (including) | 22.4-r2 (including) |
| Policy_secure | Ivanti | 22.4-r2.1 (including) | 22.4-r2.1 (including) |
| Policy_secure | Ivanti | 22.5-r1 (including) | 22.5-r1 (including) |
| Policy_secure | Ivanti | 22.5-r2.1 (including) | 22.5-r2.1 (including) |
| Policy_secure | Ivanti | 22.6-r1 (including) | 22.6-r1 (including) |