Vulnerability Database

290,206

Total vulnerabilities in the database

CVE-2024-22024

An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.

  • Published: Feb 13, 2024
  • Updated: Feb 14, 2024
  • CVE: CVE-2024-22024
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 8.3
  • AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

CWEs:

OWASP TOP 10:

Software From Fixed in
ivanti / connect_secure 22.5-r2.2 22.5-r2.2.x
ivanti / connect_secure 9.1-r14.4 9.1-r14.4.x
ivanti / connect_secure 9.1-r18.3 9.1-r18.3.x
ivanti / connect_secure 22.4-r2.2 22.4-r2.2.x
ivanti / connect_secure 22.5-r1.1 22.5-r1.1.x
ivanti / connect_secure 9.1-r17.2 9.1-r17.2.x
ivanti / policy_secure 22.5-r1.1 22.5-r1.1.x
ivanti / zero_trust_access 22.6-r1.3 22.6-r1.3.x