CVE-2024-21893 - Server-Side Request Forgery (SSRF) vulnerability in Ivanti Connect Secure and Policy Secure
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: LOW
Availability impact: NONE
Summary
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.
Related news
- Newest Ivanti SSRF zero-day now under mass exploitation
- More mass exploits hit the same buggy Ivanti devices
- Ivanti devices hit by wave of exploits for latest security hole
- Recent SSRF Flaw in Ivanti VPN Products Undergoes Mass Exploitation
- Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893)
- Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor
- Ivanti Vulnerability Exploited to Install 'DSLog' Backdoor on 670+ IT Infrastructures
- Attackers injected novel DSLog backdoor into 670 vulnerable Ivanti devices (CVE-2024-21893)
- Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware
- Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws