An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.
References
Link | Resource |
---|---|
https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
13 Feb 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:ivanti:connect_secure:22.5:r1.1:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r18.3:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.5:r2.2:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r17.2:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r14.4:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:22.5:r1.1:*:*:*:*:*:* cpe:2.3:a:ivanti:zero_trust_access:22.6:r1.3:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.4:r2.2:*:*:*:*:*:* |
|
References | () https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.3 |
First Time |
Ivanti
Ivanti zero Trust Access Ivanti connect Secure Ivanti policy Secure |
|
CWE | CWE-611 |
13 Feb 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-13 04:15
Updated : 2024-02-28 20:54
NVD link : CVE-2024-22024
Mitre link : CVE-2024-22024
CVE.ORG link : CVE-2024-22024
JSON object : View
Products Affected
ivanti
- connect_secure
- policy_secure
- zero_trust_access
CWE
CWE-611
Improper Restriction of XML External Entity Reference