CVE-2024-22023

An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporarily cause resource exhaustion thereby resulting in a limited-time DoS.

Published: Apr 4, 2024
Updated: Apr 9, 2024
CVE: CVE-2024-22023
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWEs:

CWE-476

Affected Software
References

Software	From	Fixed in
ivanti / connect_secure	9.1-r16	9.1-r16.x
ivanti / connect_secure	9.1-r15	9.1-r15.x
ivanti / policy_secure	9.1-r15	9.1-r15.x
ivanti / policy_secure	9.1-r16	9.1-r16.x
ivanti / policy_secure	9.1-r1	9.1-r1.x
ivanti / policy_secure	9.1-r2	9.1-r2.x
ivanti / policy_secure	9.1-r3	9.1-r3.x
ivanti / policy_secure	9.1-r4	9.1-r4.x
ivanti / policy_secure	9.1-r5	9.1-r5.x
ivanti / policy_secure	9.1-r6	9.1-r6.x
ivanti / policy_secure	9.1-r7	9.1-r7.x
ivanti / policy_secure	9.1-r8	9.1-r8.x
ivanti / policy_secure	9.1-r9	9.1-r9.x
ivanti / policy_secure	9.1-r10	9.1-r10.x
ivanti / policy_secure	9.1-r11	9.1-r11.x
ivanti / policy_secure	9.1-r12	9.1-r12.x
ivanti / policy_secure	9.1-r13	9.1-r13.x
ivanti / policy_secure	9.1-r14	9.1-r14.x
ivanti / policy_secure	9.1-r17	9.1-r17.x
ivanti / policy_secure	9.1-r18	9.1-r18.x
ivanti / connect_secure	9.1-r1	9.1-r1.x
ivanti / connect_secure	9.1-r2	9.1-r2.x
ivanti / connect_secure	9.1-r3	9.1-r3.x
ivanti / connect_secure	9.1-r4	9.1-r4.x
ivanti / connect_secure	9.1-r4.1	9.1-r4.1.x
ivanti / connect_secure	9.1-r4.2	9.1-r4.2.x
ivanti / connect_secure	9.1-r4.3	9.1-r4.3.x
ivanti / connect_secure	9.1-r5	9.1-r5.x
ivanti / connect_secure	9.1-r6	9.1-r6.x
ivanti / connect_secure	9.1-r7	9.1-r7.x
ivanti / connect_secure	9.1-r8	9.1-r8.x
ivanti / connect_secure	9.1-r9	9.1-r9.x
ivanti / connect_secure	9.1-r10	9.1-r10.x
ivanti / connect_secure	9.1-r11	9.1-r11.x
ivanti / connect_secure	9.1-r11.5	9.1-r11.5.x
ivanti / connect_secure	9.1-r12	9.1-r12.x
ivanti / connect_secure	9.1-r13	9.1-r13.x
ivanti / connect_secure	9.1-r17	9.1-r17.x
ivanti / connect_secure	9.1-r18	9.1-r18.x
ivanti / policy_secure	9.0-r1	9.0-r1.x
ivanti / policy_secure	9.0-r2	9.0-r2.x
ivanti / policy_secure	9.0-r2.1	9.0-r2.1.x
ivanti / policy_secure	9.0-r3	9.0-r3.x
ivanti / policy_secure	9.0-r3.1	9.0-r3.1.x
ivanti / policy_secure	9.1	9.1.x
ivanti / policy_secure	9.0	9.0.x
ivanti / policy_secure	9.0-r4	9.0-r4.x
ivanti / connect_secure	9.1-r14	9.1-r14.x
ivanti / connect_secure	22.1	22.1.x
ivanti / connect_secure	22.2	22.2.x
ivanti / connect_secure	22.3	22.3.x
ivanti / connect_secure	22.4	22.4.x
ivanti / connect_secure	22.5	22.5.x
ivanti / connect_secure	22.6	22.6.x
ivanti / policy_secure	22.1	22.1.x
ivanti / policy_secure	22.2	22.2.x
ivanti / policy_secure	22.3	22.3.x
ivanti / policy_secure	22.4	22.4.x
ivanti / policy_secure	22.5	22.5.x
ivanti / policy_secure	22.6	22.6.x

https://forums.ivanti.com/s/article/New-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US

Vulnerability Database

290,206

CVE-2024-22023