Vulnerabilities > CVE-2024-22023 - NULL Pointer Dereference vulnerability in Ivanti Connect Secure and Policy Secure

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
LOW
network
low complexity
ivanti
CWE-476
NVD
Published: 2024-04-04
Updated: 2024-10-03

Summary

An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporarily cause resource exhaustion thereby resulting in a limited-time DoS.

Vulnerable Configurations

Part Description Count
Application
Ivanti
60

Common Weakness Enumeration (CWE)

References