Lucene search
HistoryJan 31, 2024 - 6:15 p.m.
CVE-2024-21893
ivanti connect secure
ivanti policy secure
ivanti neurons
saml
server-side request forgery
authentication
8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
8.3 High
AI Score
Confidence
High
0.961 High
EPSS
Percentile
99.5%
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.
Affected configurations
Node
ivanticonnect_secureMatch9.0-
ORivanticonnect_secureMatch9.0r1
ORivanticonnect_secureMatch9.0r2
ORivanticonnect_secureMatch9.0r2.1
ORivanticonnect_secureMatch9.0r3
ORivanticonnect_secureMatch9.0r3.1
ORivanticonnect_secureMatch9.0r3.2
ORivanticonnect_secureMatch9.0r3.3
ORivanticonnect_secureMatch9.0r3.5
ORivanticonnect_secureMatch9.0r4
ORivanticonnect_secureMatch9.0r4.1
ORivanticonnect_secureMatch9.0r5.0
ORivanticonnect_secureMatch9.0r6.0
ORivanticonnect_secureMatch9.1r1
ORivanticonnect_secureMatch9.1r10
ORivanticonnect_secureMatch9.1r11
ORivanticonnect_secureMatch9.1r11.3
ORivanticonnect_secureMatch9.1r11.4
ORivanticonnect_secureMatch9.1r11.5
ORivanticonnect_secureMatch9.1r12
ORivanticonnect_secureMatch9.1r12.1
ORivanticonnect_secureMatch9.1r13
ORivanticonnect_secureMatch9.1r13.1
ORivanticonnect_secureMatch9.1r14
ORivanticonnect_secureMatch9.1r15
ORivanticonnect_secureMatch9.1r15.2
ORivanticonnect_secureMatch9.1r16
ORivanticonnect_secureMatch9.1r16.1
ORivanticonnect_secureMatch9.1r17
ORivanticonnect_secureMatch9.1r17.1
ORivanticonnect_secureMatch9.1r18
ORivanticonnect_secureMatch9.1r18.1
ORivanticonnect_secureMatch9.1r18.2
ORivanticonnect_secureMatch9.1r2
ORivanticonnect_secureMatch9.1r3
ORivanticonnect_secureMatch9.1r4
ORivanticonnect_secureMatch9.1r4.1
ORivanticonnect_secureMatch9.1r4.2
ORivanticonnect_secureMatch9.1r4.3
ORivanticonnect_secureMatch9.1r5
ORivanticonnect_secureMatch9.1r6
ORivanticonnect_secureMatch9.1r7
ORivanticonnect_secureMatch9.1r8
ORivanticonnect_secureMatch9.1r8.1
ORivanticonnect_secureMatch9.1r8.2
ORivanticonnect_secureMatch9.1r9
ORivanticonnect_secureMatch9.1r9.1
ORivanticonnect_secureMatch21.9r1
ORivanticonnect_secureMatch21.12r1
ORivanticonnect_secureMatch22.1r1
ORivanticonnect_secureMatch22.1r6
ORivanticonnect_secureMatch22.2-
ORivanticonnect_secureMatch22.2r1
ORivanticonnect_secureMatch22.3r1
ORivanticonnect_secureMatch22.4r1
ORivanticonnect_secureMatch22.4r2.1
ORivanticonnect_secureMatch22.6-
ORivanticonnect_secureMatch22.6r1
ORivanticonnect_secureMatch22.6r2
ORivanticonnect_secureMatch22.6r2.1
ORivantineurons_for_zero-trust_accessMatch-
ORivantipolicy_secureMatch9.0-
ORivantipolicy_secureMatch9.0r1
ORivantipolicy_secureMatch9.0r2
ORivantipolicy_secureMatch9.0r2.1
ORivantipolicy_secureMatch9.0r3
ORivantipolicy_secureMatch9.0r3.1
ORivantipolicy_secureMatch9.0r4
ORivantipolicy_secureMatch9.1-
ORivantipolicy_secureMatch9.1r1
ORivantipolicy_secureMatch9.1r10
ORivantipolicy_secureMatch9.1r11
ORivantipolicy_secureMatch9.1r12
ORivantipolicy_secureMatch9.1r13
ORivantipolicy_secureMatch9.1r13.1
ORivantipolicy_secureMatch9.1r14
ORivantipolicy_secureMatch9.1r15
ORivantipolicy_secureMatch9.1r16
ORivantipolicy_secureMatch9.1r17
ORivantipolicy_secureMatch9.1r18
ORivantipolicy_secureMatch9.1r18.1
ORivantipolicy_secureMatch9.1r18.2
ORivantipolicy_secureMatch9.1r2
ORivantipolicy_secureMatch9.1r3
ORivantipolicy_secureMatch9.1r3.1
ORivantipolicy_secureMatch9.1r4
ORivantipolicy_secureMatch9.1r4.1
ORivantipolicy_secureMatch9.1r4.2
ORivantipolicy_secureMatch9.1r4.3
ORivantipolicy_secureMatch9.1r5
ORivantipolicy_secureMatch9.1r6
ORivantipolicy_secureMatch9.1r7
ORivantipolicy_secureMatch9.1r8
ORivantipolicy_secureMatch9.1r8.1
ORivantipolicy_secureMatch9.1r8.2
ORivantipolicy_secureMatch9.1r9
ORivantipolicy_secureMatch22.1r1
ORivantipolicy_secureMatch22.1r6
ORivantipolicy_secureMatch22.2r1
ORivantipolicy_secureMatch22.2r3
ORivantipolicy_secureMatch22.3r1
ORivantipolicy_secureMatch22.3r3
ORivantipolicy_secureMatch22.4r1
ORivantipolicy_secureMatch22.4r2
ORivantipolicy_secureMatch22.4r2.1
ORivantipolicy_secureMatch22.5r1
ORivantipolicy_secureMatch22.6r1
Related
cisa_kev
cisa_kev
cve
cve
CVE-2024-21893
2024-01-31 18:15:47
CVE-2024-34581
2024-06-26 05:15:51
hackread
hackread
cvelist
cvelist
CVE-2024-21893
2024-01-31 17:51:35
CVE-2024-34581
2024-06-26 00:00:00
nessus
nessus
Ivanti Policy Secure 9.x / 22.x SSRF-RCE Chain (CVE-2024-21893)
2024-02-06 00:00:00
Ivanti Policy Secure 9.x / 22.x SSRF (CVE-2024-21893)
2024-02-06 00:00:00
Ivanti Connect Secure 9.x / 22.x SSRF (CVE-2024-21893)
2024-02-06 00:00:00
hivepro
hivepro
Attacks, Vulnerabilities and Actors 29 January to 4 February 2024
2024-02-06 08:18:54
Ivanti Addresses Zero-Day Vulnerability Exploited in Attacks
2024-02-02 15:18:18
Ivanti Gateways Under Attack by Cybercriminals Patch Now
2024-03-01 15:08:13
prion
prion
Server side request forgery (ssrf)
2024-01-31 18:15:00
githubexploit
githubexploit
Exploit for Server-Side Request Forgery in Ivanti Connect Secure
2024-02-02 22:59:21
talosblog
talosblog
Spyware isnβt going anywhere, and neither are its tactics
2024-02-08 19:00:53
thn
thn
nuclei
nuclei
Ivanti SAML - Server Side Request Forgery (SSRF)
2024-02-03 08:20:02
nvd
nvd
CVE-2024-34581
2024-06-26 05:15:51
vulnrichment
vulnrichment
CVE-2024-34581
2024-06-26 00:00:00
wizblog
wizblog
malwarebytes
malwarebytes
CISA: Disconnect vulnerable Ivanti products TODAY
2024-02-02 14:18:43
attackerkb
attackerkb
CVE-2024-21893
2024-01-31 00:00:00
ics
ics
metasploit
metasploit
Ivanti Connect Secure Unauthenticated Remote Code Execution
2024-02-06 11:49:04
zdt
zdt
Ivanti Connect Secure Unauthenticated Remote Code Execution Exploit
2024-02-21 00:00:00
rapid7blog
rapid7blog
Zero-Day Exploitation of Ivanti Connect Secure and Policy Secure Gateways
2024-01-11 13:00:40
Metasploit Weekly Wrap-Up 02/23/2024
2024-02-23 17:50:39
packetstorm
packetstorm
Ivanti Connect Secure Unauthenticated Remote Code Execution
2024-02-21 00:00:00
avleonov
avleonov
8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
8.3 High
AI Score
Confidence
High
0.961 High
EPSS
Percentile
99.5%
Related for NVD:CVE-2024-21893