CVE-2024-7593

Summary

Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.

Affected Software

VendorProductVersion RangeStatus
IvantivTM22.7R2unaffected
IvantivTM22.2R1unaffected

Weaknesses

  • CWE-287: CWE-287 Improper Authentication
  • CWE-303: CWE-303 Incorrect Implementation of Authentication Algorithm

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: total

Additional References

References