CVE-2024-21893

Summary

A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.

Affected Software

VendorProductVersion RangeStatus
IvantiICS9.1R18 <= 9.1R18affected
IvantiICS22.6R2 <= 22.6R2affected
IvantiIPS9.1R18 <= 9.1R18affected
IvantiIPS22.6R1 <= 22.6R1affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: partial

Additional References

CVE Program Container

Additional References

References