Authentication flaw

2024-01-1217:15:00

PRIOn knowledge base

www.prio-n.com

ivanti

authentication bypass

web component

vulnerability

nvd

remote attacker

restricted resources

control checks

7.5 High

AI Score

Confidence

Low

0.959 High

EPSS

Percentile

99.5%

JSON

An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

CPENameOperatorVersion
connect_secureeq22.1 r1
connect_secureeq22.2 r1
connect_secureeq9.1 r16.1
connect_secureeq9.1 r16
connect_secureeq9.1 r15
connect_secureeq9.1 r15.2
connect_secureeq22.2
connect_secureeq22.5 r2.1
connect_secureeq22.4 r2.1
connect_secureeq22.3 r1

Name	Operator	Version
connect_secure	eq	22.1 r1
connect_secure	eq	22.2 r1
connect_secure	eq	9.1 r16.1
connect_secure	eq	9.1 r16
connect_secure	eq	9.1 r15
connect_secure	eq	9.1 r15.2
connect_secure	eq	22.2
connect_secure	eq	22.5 r2.1
connect_secure	eq	22.4 r2.1
connect_secure	eq	22.3 r1

Rows per page:

1-10 of 811

References

packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html

forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US