Vulnerability Database

CVE-2024-21887

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

  • Published: Jan 12, 2024
  • Updated: Jun 11, 2024
  • CVE: CVE-2024-21887
  • Severity: Critical

CVSS v3:

  • Severity: Critical
  • Score: 9.1
  • Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

| Software | From | Fixed in |
|---|---|---|
| ivanti / connect_secure | 22.1-r1 | 22.1-r1.x |
| ivanti / connect_secure | 22.2-r1 | 22.2-r1.x |
| ivanti / connect_secure | 9.1-r16.1 | 9.1-r16.1.x |
| ivanti / connect_secure | 9.1-r16 | 9.1-r16.x |
| ivanti / connect_secure | 9.1-r15 | 9.1-r15.x |
| ivanti / connect_secure | 9.1-r15.2 | 9.1-r15.2.x |
| ivanti / connect_secure | 22.2 | 22.2.x |
| ivanti / policy_secure | 22.2-r1 | 22.2-r1.x |
| ivanti / policy_secure | 22.1-r1 | 22.1-r1.x |
| ivanti / policy_secure | 9.1-r15 | 9.1-r15.x |
| ivanti / policy_secure | 9.1-r16 | 9.1-r16.x |
| ivanti / connect_secure | 22.5-r2.1 | 22.5-r2.1.x |
| ivanti / connect_secure | 22.4-r2.1 | 22.4-r2.1.x |
| ivanti / connect_secure | 22.3-r1 | 22.3-r1.x |
| ivanti / connect_secure | 22.4-r1 | 22.4-r1.x |
| ivanti / connect_secure | 22.1-r6 | 22.1-r6.x |
| ivanti / connect_secure | 22.6 | 22.6.x |
| ivanti / policy_secure | 9.1-r13.1 | 9.1-r13.1.x |
| ivanti / policy_secure | 9.1-r8.2 | 9.1-r8.2.x |
| ivanti / policy_secure | 9.1-r8.1 | 9.1-r8.1.x |
| ivanti / policy_secure | 9.1-r4.2 | 9.1-r4.2.x |
| ivanti / policy_secure | 9.1-r4.1 | 9.1-r4.1.x |
| ivanti / policy_secure | 9.1-r3.1 | 9.1-r3.1.x |
| ivanti / policy_secure | 9.1-r1 | 9.1-r1.x |
| ivanti / policy_secure | 9.1-r2 | 9.1-r2.x |
| ivanti / policy_secure | 9.1-r3 | 9.1-r3.x |
| ivanti / policy_secure | 9.1-r4 | 9.1-r4.x |
| ivanti / policy_secure | 9.1-r5 | 9.1-r5.x |
| ivanti / policy_secure | 9.1-r6 | 9.1-r6.x |
| ivanti / policy_secure | 9.1-r7 | 9.1-r7.x |
| ivanti / policy_secure | 9.1-r8 | 9.1-r8.x |
| ivanti / policy_secure | 9.1-r9 | 9.1-r9.x |
| ivanti / policy_secure | 9.1-r10 | 9.1-r10.x |
| ivanti / policy_secure | 9.1-r11 | 9.1-r11.x |
| ivanti / policy_secure | 9.1-r12 | 9.1-r12.x |
| ivanti / policy_secure | 9.1-r13 | 9.1-r13.x |
| ivanti / policy_secure | 9.1-r14 | 9.1-r14.x |
| ivanti / policy_secure | 9.1-r17 | 9.1-r17.x |
| ivanti / policy_secure | 22.3-r3 | 22.3-r3.x |
| ivanti / policy_secure | 22.6-r1 | 22.6-r1.x |
| ivanti / policy_secure | 22.5-r1 | 22.5-r1.x |
| ivanti / policy_secure | 22.4-r1 | 22.4-r1.x |
| ivanti / policy_secure | 22.3-r1 | 22.3-r1.x |
| ivanti / policy_secure | 9.1-r18 | 9.1-r18.x |
| ivanti / policy_secure | 22.1-r6 | 22.1-r6.x |
| ivanti / policy_secure | 22.2-r3 | 22.2-r3.x |
| ivanti / policy_secure | 22.4-r2 | 22.4-r2.x |
| ivanti / policy_secure | 22.4-r2.1 | 22.4-r2.1.x |
| ivanti / policy_secure | 22.5-r2.1 | 22.5-r2.1.x |
| ivanti / connect_secure | 9.1-r1 | 9.1-r1.x |
| ivanti / connect_secure | 9.1-r2 | 9.1-r2.x |
| ivanti / connect_secure | 9.1-r3 | 9.1-r3.x |
| ivanti / connect_secure | 9.1-r4 | 9.1-r4.x |
| ivanti / connect_secure | 9.1-r4.1 | 9.1-r4.1.x |
| ivanti / connect_secure | 9.1-r4.2 | 9.1-r4.2.x |
| ivanti / connect_secure | 9.1-r4.3 | 9.1-r4.3.x |
| ivanti / connect_secure | 9.1-r5 | 9.1-r5.x |
| ivanti / connect_secure | 9.1-r6 | 9.1-r6.x |
| ivanti / connect_secure | 9.1-r7 | 9.1-r7.x |
| ivanti / connect_secure | 9.1-r8 | 9.1-r8.x |
| ivanti / connect_secure | 9.1-r8.1 | 9.1-r8.1.x |
| ivanti / connect_secure | 9.1-r8.2 | 9.1-r8.2.x |
| ivanti / connect_secure | 9.1-r9 | 9.1-r9.x |
| ivanti / connect_secure | 9.1-r9.1 | 9.1-r9.1.x |
| ivanti / connect_secure | 9.1-r10 | 9.1-r10.x |
| ivanti / connect_secure | 9.1-r11 | 9.1-r11.x |
| ivanti / connect_secure | 9.1-r11.3 | 9.1-r11.3.x |
| ivanti / connect_secure | 9.1-r11.4 | 9.1-r11.4.x |
| ivanti / connect_secure | 9.1-r11.5 | 9.1-r11.5.x |
| ivanti / connect_secure | 9.1-r12 | 9.1-r12.x |
| ivanti / connect_secure | 9.1-r12.1 | 9.1-r12.1.x |
| ivanti / connect_secure | 9.1-r13 | 9.1-r13.x |
| ivanti / connect_secure | 9.1-r13.1 | 9.1-r13.1.x |
| ivanti / connect_secure | 9.1-r14 | 9.1-r14.x |
| ivanti / connect_secure | 9.1-r17 | 9.1-r17.x |
| ivanti / connect_secure | 9.1-r17.1 | 9.1-r17.1.x |
| ivanti / connect_secure | 9.1-r18 | 9.1-r18.x |
| ivanti / connect_secure | 22.6-r2 | 22.6-r2.x |
| ivanti / connect_secure | 22.6-r1 | 22.6-r1.x |
| ivanti / connect_secure | 9.0 | 9.0.x |
| ivanti / policy_secure | 9.0 | 9.0.x |