An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:29
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry | |
References | () https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US - Vendor Advisory |
10 Jun 2024, 15:39
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry |
22 Jan 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 Jan 2024, 20:46
Type | Values Removed | Values Added |
---|---|---|
References | () https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US - Vendor Advisory | |
CPE | cpe:2.3:a:ivanti:connect_secure:9.1:r11.5:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r11:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r15.2:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.5:r2.1:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r4.1:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.0:*:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:22.4:r2:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r8.2:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r12.1:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:22.5:r1:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r17.1:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.6:r1:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r9:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:22.2:r3:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:22.4:r1:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r17:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:22.1:r6:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:22.6:r1:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:22.5:r2.1:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r13.1:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r16:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r17:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r14:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r3.1:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r15:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:22.2:r1:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.4:r2.1:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r14:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r10:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r12:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.6:-:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r18:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.6:r2:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:22.3:r1:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r8:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r11:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.3:r1:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.2:-:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r10:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:22.1:r1:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r11.4:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r13.1:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r18:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r9:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r13:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r16.1:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r15:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.1:r6:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.1:r1:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:22.4:r2.1:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.2:r1:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r8.2:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r12:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:22.3:r3:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r13:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r8.1:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r16:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r9.1:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.4:r1:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.2 |
CWE | CWE-287 | |
First Time |
Ivanti connect Secure
Ivanti policy Secure Ivanti |
12 Jan 2024, 18:05
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-12 17:15
Updated : 2024-11-21 08:29
NVD link : CVE-2023-46805
Mitre link : CVE-2023-46805
CVE.ORG link : CVE-2023-46805
JSON object : View
Products Affected
ivanti
- policy_secure
- connect_secure
CWE
CWE-287
Improper Authentication