CNNVD-202507-1033 Information
CNNVD ID
CNNVD-202507-1033
Related CVE
- CNNVD Published: 2025-07-08
Description (Chinese)
Ivanti Connect Secure(ICS)和Ivanti Policy Secure(IPS)都是美国Ivanti公司的产品。Ivanti Connect Secure是一款安全远程网络连接工具。Ivanti Policy Secure是一个网络访问控制 (NAC) 解决方案。 Ivanti Connect Secure 22.7R2.8之前版本和Ivanti Policy Secure 22.7R1.5之前版本存在注入漏洞,该漏洞源于CRLF注入,可能导致写入受保护的配置文件。
Description (English)
Ivanti Contact Security (ICS) and Ivanti Policy Security (IPS) are all products of the United States company Ivanti. Ivanti Contact Security is a secure remote network connection tool. Ivanti Policy Security is a web access control (NAC) solution. There is an injection loophole in previous versions of Ivanti Contact 22.7R2.8 and before Ivanti Policy 22.7R1.5, which originates from CRLF injections and may lead to inclusion in protected configuration files.
Hazard Level
High
Vulnerability Type
注入
Affected Vendor
iWT
Published
2025-07-08
Last Modified
2026-02-24
References
https://forums.ivanti.com/s/article/July-Security-Advisory-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Multiple-CVEs https://access.redhat.com/security/cve/cve-2025-0293