CVE-2022-35254
Severity CVSS v4.0:
Pending analysis
Type:
CWE-416
Use After Free
Publication date:
05/12/2022
Last modified:
24/04/2025
Description
An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:* | 9.1 (excluding) | |
| cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:* | ||
| cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:* | ||
| cpe:2.3:a:ivanti:connect_secure:9.1:r1.0:*:*:*:*:*:* | ||
| cpe:2.3:a:ivanti:connect_secure:9.1:r10.0:*:*:*:*:*:* | ||
| cpe:2.3:a:ivanti:connect_secure:9.1:r10.2:*:*:*:*:*:* | ||
| cpe:2.3:a:ivanti:connect_secure:9.1:r11.0:*:*:*:*:*:* | ||
| cpe:2.3:a:ivanti:connect_secure:9.1:r11.1:*:*:*:*:*:* | ||
| cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:* | ||
| cpe:2.3:a:ivanti:connect_secure:9.1:r11.4:*:*:*:*:*:* | ||
| cpe:2.3:a:ivanti:connect_secure:9.1:r11.5:*:*:*:*:*:* | ||
| cpe:2.3:a:ivanti:connect_secure:9.1:r12:*:*:*:*:*:* | ||
| cpe:2.3:a:ivanti:connect_secure:9.1:r12.1:*:*:*:*:*:* | ||
| cpe:2.3:a:ivanti:connect_secure:9.1:r12.2:*:*:*:*:*:* | ||
| cpe:2.3:a:ivanti:connect_secure:9.1:r13:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page