Vulnerabilities > CVE-2024-22024 - XXE vulnerability in Ivanti Connect Secure, Policy Secure and Zero Trust Access

047910
CVSS 8.3 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
LOW
network
low complexity
ivanti
CWE-611
NVD
Published: 2024-02-13
Updated: 2024-02-13

Summary

An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.

Vulnerable Configurations

Part Description Count
Application
Ivanti
8

Common Weakness Enumeration (CWE)

Related news

References