CVE-2024-22024

CVSS 3.1 Score 8.3 of 10 (high)

Details

Published Feb 13, 2024

CWE ID 611

Summary

CVE-2024-22024 is a newly disclosed XML External Entity (XXE) vulnerability affecting Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) as well as certain ZTA gateways. This issue lies in the SAML component and enables unauthenticated attackers to access restricted resources by exploiting the XXE vulnerability. The vulnerability can potentially lead to sensitive data exposure or even server compromise. Ivanti urges users to apply the available patches promptly to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Ivanti Connect Secure
Ivanti Policy Secure

Affected Vendors

Ivanti Software Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/ubvyD4
https://www.cve.org/CVERecord?id=CVE-2024-22024
https://nvd.nist.gov/vuln/detail/CVE-2024-22024

Back to Vulnerability Database