Security News > 2024 > February > Ivanti discloses fifth vulnerability, doesn't credit researchers who found it

Ivanti discloses fifth vulnerability, doesn't credit researchers who found it
2024-02-09 21:30

In disclosing yet another vulnerability in its Connect Secure, Policy Secure, and ZTA gateways, Ivanti has confused the third-party researchers who discovered it.

Researchers at watchTowr blogged today about not being credited with the discovery of CVE-2024-22024 - the latest in a series of vulnerabilities affecting Ivanti gateways as the vendor continues to develop patches for supported versions.

"As part of the ongoing investigation, we discovered a new vulnerability as part of our internal review and testing of our code, which we are reporting as CVE-2024-22024," an Ivanti article reads.

WatchTowr claims its researchers were the first to bring Ivanti's attention to the bug on February 2, publishing screenshots of the emails exchanged between it and Ivanti as proof.

"Commenting on the above excerpt from Ivanti's advisory, watchTowr said:"Today, Friday February 9, 2024, we are pleased to see that Ivanti has released an advisory for this vulnerability.

Ivanti has continued to work on developing patches in accordance with its staggered schedule, which is to say it's developing patches for the versions with the most users, and working down from there.


News URL

https://go.theregister.com/feed/www.theregister.com/2024/02/09/ivanti_discloses_fifth_ics_vulnerability/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-02-13 CVE-2024-22024 XXE vulnerability in Ivanti Connect Secure, Policy Secure and Zero Trust Access
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.
network
low complexity
ivanti CWE-611
8.3

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Ivanti 27 0 51 157 75 283