CVE-2024-21893
CVSS 3.1 Score 8.2 of 10 (high)
Details
Summary
CVE-2024-21893 is a serious vulnerability affecting Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x), as well as Ivanti Neurons for ZTA. The flaw is classified as a server-side request forgery (SSRF) vulnerability in the Single Sign-On (SSO) component using the Security Assertion Markup Language (SAML). An attacker can exploit this weakness to gain unauthorized access to restricted resources without requiring authentication. The successful exploitation of this issue could lead to significant security risks and potential data breaches. It is strongly recommended that affected organizations apply the available patches as soon as possible to mitigate the threat.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Ivanti Connect Secure
- Ivanti Policy Secure
Affected Vendors
- Ivanti Software Inc.