Security News > 2024 > January > Alert: Ivanti Discloses 2 New Zero-Day Flaws, One Under Active Exploitation

Alert: Ivanti Discloses 2 New Zero-Day Flaws, One Under Active Exploitation
2024-01-31 13:38

Ivanti is alerting of two new high-severity flaws in its Connect Secure and Policy Secure products, one of which is said to have come under targeted exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-21888 (CVSS score: 8.8) - A privilege escalation vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows


News URL

https://thehackernews.com/2024/01/alert-ivanti-discloses-2-new-zero-day.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-01-31 CVE-2024-21888 Unspecified vulnerability in Ivanti Connect Secure and Policy Secure
A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator.
network
low complexity
ivanti
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Ivanti 27 0 51 157 75 283