Security News > 2024 > February > Warning: New Ivanti Auth Bypass Flaw Affects Connect Secure and ZTA Gateways

Warning: New Ivanti Auth Bypass Flaw Affects Connect Secure and ZTA Gateways
2024-02-09 03:35

Ivanti has alerted customers of yet another high-severity security flaw in its Connect Secure, Policy Secure, and ZTA gateway devices that could allow attackers to bypass authentication. The issue, tracked as CVE-2024-22024, is rated 8.3 out of 10 on the CVSS scoring system. "An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti


News URL

https://thehackernews.com/2024/02/warning-new-ivanti-auth-bypass-flaw.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-02-13 CVE-2024-22024 XXE vulnerability in Ivanti Connect Secure, Policy Secure and Zero Trust Access
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.
network
low complexity
ivanti CWE-611
8.3
8.3

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Ivanti 26 0 51 152 75 278