An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.
References
Link | Resource |
---|---|
https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
13 Feb 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
First Time |
Ivanti
Ivanti zero Trust Access Ivanti connect Secure Ivanti policy Secure |
|
References | () https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.3 |
CPE | cpe:2.3:a:ivanti:connect_secure:22.5:r1.1:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r18.3:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.5:r2.2:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r17.2:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r14.4:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:22.5:r1.1:*:*:*:*:*:* cpe:2.3:a:ivanti:zero_trust_access:22.6:r1.3:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.4:r2.2:*:*:*:*:*:* |
|
CWE | CWE-611 |
13 Feb 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-13 04:15
Updated : 2024-02-28 20:54
NVD link : CVE-2024-22024
Mitre link : CVE-2024-22024
CVE.ORG link : CVE-2024-22024
JSON object : View
Products Affected
ivanti
- zero_trust_access
- connect_secure
- policy_secure
CWE
CWE-611
Improper Restriction of XML External Entity Reference