Ivanti Connect Secure versions prior to 22.7R2.1 and 22.7R2.2, and Ivanti Policy Secure versions prior to 22.7R1.1, contain a CRLF injection vulnerability which could be exploited by an authenticated administrator to execute arbitrary code with root privileges.
