An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
13 Feb 2024, 15:15
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.3 |
| First Time |
Ivanti policy Secure
Ivanti connect Secure Ivanti Ivanti zero Trust Access |
|
| CPE | cpe:2.3:a:ivanti:connect_secure:22.4:r2.2:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.5:r2.2:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r17.2:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r18.3:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.5:r1.1:*:*:*:*:*:* cpe:2.3:a:ivanti:zero_trust_access:22.6:r1.3:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:22.5:r1.1:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r14.4:*:*:*:*:*:* |
|
| References | () https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US - Vendor Advisory | |
| CWE | CWE-611 |
13 Feb 2024, 04:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-02-13 04:15
Updated : 2025-05-09 19:15
NVD link : CVE-2024-22024
Mitre link : CVE-2024-22024
JSON object : View
Products Affected
ivanti
- zero_trust_access
- policy_secure
- connect_secure
CWE
CWE-611
Improper Restriction of XML External Entity Reference