Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2024-21888

🗓️ 31 Jan 2024 17:51:34Reported by hackeroneType 
cve
 cve🔗 web.nvd.nist.gov📰️ 6 Media mentions👁 278 Views🌐 WEB

A privilege escalation vulnerability in Ivanti Connect Secure and Ivanti Policy Secure allows user to become administrator

Related
Detection
Affected
Refs
Paths
Social
ReporterTitlePublishedViews
Family
0day.today		Ivanti Connect Secure Unauthenticated Remote Code Execution Exploit
21 Feb 202400:00
zdt
ICS		Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways
29 Feb 202412:00
ics
ATTACKERKB		CVE-2024-21893
31 Jan 202400:00
attackerkb
BDU FSTEC		The vulnerability of the web components of Ivanti Connect Secure and Ivanti Policy Secure control tools allows a perpetrator to…
6 Feb 202400:00
bdu_fstec
BDU FSTEC		The vulnerability of the SAML components in Ivanti Connect Secure and Ivanti Policy Secure access control tools allows a perpetrator to disclose protected information.
6 Feb 202400:00
bdu_fstec
Circl		CVE-2024-21888
10 Jan 202420:21
circl
CNNVD		Ivanti Connect Secure Code Issue Vulnerability
31 Jan 202400:00
cnnvd
CNNVD		Ivanti Connect Secure and Ivanti Policy Secure Security Vulnerabilities
31 Jan 202400:00
cnnvd
Cvelist		CVE-2024-21888
31 Jan 202417:51
cvelist
Hive Pro Threat Advisories		Ivanti Addresses Zero-Day Vulnerability Exploited in Attacks
2 Feb 202415:18
hivepro
Rows per page
NVD
Vulners
Vulnrichment
Node
ivanticonnect_secureMatch9.0-
OR
ivanticonnect_secureMatch9.0r1
OR
ivanticonnect_secureMatch9.0r2
OR
ivanticonnect_secureMatch9.0r2.1
OR
ivanticonnect_secureMatch9.0r3
OR
ivanticonnect_secureMatch9.0r3.1
OR
ivanticonnect_secureMatch9.0r3.2
OR
ivanticonnect_secureMatch9.0r3.3
OR
ivanticonnect_secureMatch9.0r3.5
OR
ivanticonnect_secureMatch9.0r4
OR
ivanticonnect_secureMatch9.0r4.1
OR
ivanticonnect_secureMatch9.0r5.0
OR
ivanticonnect_secureMatch9.0r6.0
OR
ivanticonnect_secureMatch9.1r1
OR
ivanticonnect_secureMatch9.1r10
OR
ivanticonnect_secureMatch9.1r11
OR
ivanticonnect_secureMatch9.1r11.3
OR
ivanticonnect_secureMatch9.1r11.4
OR
ivanticonnect_secureMatch9.1r11.5
OR
ivanticonnect_secureMatch9.1r12
OR
ivanticonnect_secureMatch9.1r12.1
OR
ivanticonnect_secureMatch9.1r13
OR
ivanticonnect_secureMatch9.1r13.1
OR
ivanticonnect_secureMatch9.1r14
OR
ivanticonnect_secureMatch9.1r15
OR
ivanticonnect_secureMatch9.1r15.2
OR
ivanticonnect_secureMatch9.1r16
OR
ivanticonnect_secureMatch9.1r16.1
OR
ivanticonnect_secureMatch9.1r17
OR
ivanticonnect_secureMatch9.1r17.1
OR
ivanticonnect_secureMatch9.1r18
OR
ivanticonnect_secureMatch9.1r18.1
OR
ivanticonnect_secureMatch9.1r18.2
OR
ivanticonnect_secureMatch9.1r2
OR
ivanticonnect_secureMatch9.1r3
OR
ivanticonnect_secureMatch9.1r4
OR
ivanticonnect_secureMatch9.1r4.1
OR
ivanticonnect_secureMatch9.1r4.2
OR
ivanticonnect_secureMatch9.1r4.3
OR
ivanticonnect_secureMatch9.1r5
OR
ivanticonnect_secureMatch9.1r6
OR
ivanticonnect_secureMatch9.1r7
OR
ivanticonnect_secureMatch9.1r8
OR
ivanticonnect_secureMatch9.1r8.1
OR
ivanticonnect_secureMatch9.1r8.2
OR
ivanticonnect_secureMatch9.1r9
OR
ivanticonnect_secureMatch9.1r9.1
OR
ivanticonnect_secureMatch21.9r1
OR
ivanticonnect_secureMatch21.12r1
OR
ivanticonnect_secureMatch22.1r1
OR
ivanticonnect_secureMatch22.1r6
OR
ivanticonnect_secureMatch22.2-
OR
ivanticonnect_secureMatch22.2r1
OR
ivanticonnect_secureMatch22.3r1
OR
ivanticonnect_secureMatch22.4r1
OR
ivanticonnect_secureMatch22.4r2.1
OR
ivanticonnect_secureMatch22.6-
OR
ivanticonnect_secureMatch22.6r1
OR
ivanticonnect_secureMatch22.6r2
OR
ivanticonnect_secureMatch22.6r2.1
OR
ivantipolicy_secureMatch9.0-
OR
ivantipolicy_secureMatch9.0r1
OR
ivantipolicy_secureMatch9.0r2
OR
ivantipolicy_secureMatch9.0r2.1
OR
ivantipolicy_secureMatch9.0r3
OR
ivantipolicy_secureMatch9.0r3.1
OR
ivantipolicy_secureMatch9.0r4
OR
ivantipolicy_secureMatch9.1-
OR
ivantipolicy_secureMatch9.1r1
OR
ivantipolicy_secureMatch9.1r10
OR
ivantipolicy_secureMatch9.1r11
OR
ivantipolicy_secureMatch9.1r12
OR
ivantipolicy_secureMatch9.1r13
OR
ivantipolicy_secureMatch9.1r13.1
OR
ivantipolicy_secureMatch9.1r14
OR
ivantipolicy_secureMatch9.1r15
OR
ivantipolicy_secureMatch9.1r16
OR
ivantipolicy_secureMatch9.1r17
OR
ivantipolicy_secureMatch9.1r18
OR
ivantipolicy_secureMatch9.1r18.1
OR
ivantipolicy_secureMatch9.1r18.2
OR
ivantipolicy_secureMatch9.1r2
OR
ivantipolicy_secureMatch9.1r3
OR
ivantipolicy_secureMatch9.1r3.1
OR
ivantipolicy_secureMatch9.1r4
OR
ivantipolicy_secureMatch9.1r4.1
OR
ivantipolicy_secureMatch9.1r4.2
OR
ivantipolicy_secureMatch9.1r4.3
OR
ivantipolicy_secureMatch9.1r5
OR
ivantipolicy_secureMatch9.1r6
OR
ivantipolicy_secureMatch9.1r7
OR
ivantipolicy_secureMatch9.1r8
OR
ivantipolicy_secureMatch9.1r8.1
OR
ivantipolicy_secureMatch9.1r8.2
OR
ivantipolicy_secureMatch9.1r9
OR
ivantipolicy_secureMatch22.1r1
OR
ivantipolicy_secureMatch22.1r6
OR
ivantipolicy_secureMatch22.2r1
OR
ivantipolicy_secureMatch22.2r3
OR
ivantipolicy_secureMatch22.3r1
OR
ivantipolicy_secureMatch22.3r3
OR
ivantipolicy_secureMatch22.4r1
OR
ivantipolicy_secureMatch22.4r2
OR
ivantipolicy_secureMatch22.4r2.1
OR
ivantipolicy_secureMatch22.5r1
OR
ivantipolicy_secureMatch22.6r1
[
  {
    "defaultStatus": "unaffected",
    "vendor": "Ivanti",
    "product": "ICS",
    "versions": [
      {
        "version": "9.1R18",
        "status": "affected",
        "lessThanOrEqual": "9.1R18",
        "versionType": "semver"
      },
      {
        "version": "22.6R2",
        "status": "affected",
        "lessThanOrEqual": "22.6R2",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "vendor": "Ivanti",
    "product": "IPS",
    "versions": [
      {
        "version": "9.1R18",
        "status": "affected",
        "lessThanOrEqual": "9.1R18",
        "versionType": "semver"
      },
      {
        "version": "22.6R1",
        "status": "affected",
        "lessThanOrEqual": "22.6R1",
        "versionType": "semver"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
ds:Signature/ds:KeyInfo/ds:RetrievalMethod/@URIrequest body/dana-ws/saml20.wsEndpoint that processes a crafted XML (SOAP) payload enabling SSRF/command injection through the KeyInfo RetrievalMethod URI.CWE-269
ds:SignatureValuerequest body/dana-ws/saml20.wsEndpoint that processes a crafted XML (SOAP) payload enabling SSRF/command injection through the KeyInfo RetrievalMethod URI.CWE-269
ds:SignedInforequest body/dana-ws/saml20.wsEndpoint that processes a crafted XML (SOAP) payload enabling SSRF/command injection through the KeyInfo RetrievalMethod URI.CWE-269
{encoder} (injected payload)path/api/v1/license/keys-status/{encoder}SSRF target path used to reach the local service for command execution after injection via the path segment.CWE-269

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
03 Jun 2025 19:15Current
9.1High risk
Vulners AI Score9.1
CVSS 3.18.8
CVSS 38.8
EPSS0.61255
SSVC
CWE-269In Wild
cve-2024-21888privilege escalationweb componentivanti connect secureivanti policy securenvdsecurity vulnerability
278