History: Feb 13, 2024 - 4:07 a.m.

CVE-2024-22024

2024-02-13 04:07:04
hackerone
www.cve.org
xml
xxe
saml
ivanti
connect secure
policy secure
zta gateways
authentication

CVSS3: 8.3 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

AI Score: 8.4 High (Confidence: High)

EPSS: 0.006 Low (Percentile: 78.4%)

An XML external entity (XXE) vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways allows an attacker to access certain restricted resources without authentication.

CNA Affected

[
  {
    "vendor": "Ivanti",
    "product": "ICS",
    "versions": [
      {
        "version": "9.1R14.5",
        "status": "affected",
        "lessThan": "9.1R14.5",
        "versionType": "semver"
      },
      {
        "version": "9.1R17.3",
        "status": "affected",
        "lessThan": "9.1R17.3",
        "versionType": "semver"
      },
      {
        "version": "9.1R18.4",
        "status": "affected",
        "lessThan": "9.1R18.4",
        "versionType": "semver"
      },
      {
        "version": "22.1R6.1",
        "status": "affected",
        "lessThan": "22.1R6.1",
        "versionType": "semver"
      },
      {
        "version": "9.1R14.4",
        "status": "unaffected",
        "lessThan": "9.1R14.4",
        "versionType": "semver"
      },
      {
        "version": "9.1R15.2",
        "status": "unaffected",
        "lessThan": "9.1R15.2",
        "versionType": "semver"
      },
      {
        "version": "9.1R16.2",
        "status": "unaffected",
        "lessThan": "9.1R16.2",
        "versionType": "semver"
      },
      {
        "version": "9.1R17.2",
        "status": "unaffected",
        "lessThan": "9.1R17.2",
        "versionType": "semver"
      },
      {
        "version": "9.1R18.3",
        "status": "unaffected",
        "lessThan": "9.1R18.3",
        "versionType": "semver"
      },
      {
        "version": "22.1R6.1",
        "status": "unaffected",
        "lessThan": "22.1R6.1",
        "versionType": "semver"
      },
      {
        "version": "22.2R4.1",
        "status": "affected",
        "lessThan": "22.2R4.1",
        "versionType": "semver"
      },
      {
        "version": "22.3R1.1",
        "status": "affected",
        "lessThan": "22.3R1.1",
        "versionType": "semver"
      },
      {
        "version": "22.4R1.1",
        "status": "affected",
        "lessThan": "22.4R1.1",
        "versionType": "semver"
      },
      {
        "version": "22.5R1.2",
        "status": "affected",
        "lessThan": "22.5R1.2",
        "versionType": "semver"
      },
      {
        "version": "22.6R1.1",
        "status": "affected",
        "lessThan": "22.6R1.1",
        "versionType": "semver"
      },
      {
        "version": "22.4R2.3",
        "status": "affected",
        "lessThan": "22.4R2.3",
        "versionType": "semver"
      },
      {
        "version": "22.5R2.3",
        "status": "affected",
        "lessThan": "22.5R2.3",
        "versionType": "semver"
      },
      {
        "version": "22.6R2.2",
        "status": "affected",
        "lessThan": "22.6R2.2",
        "versionType": "semver"
      },
      {
        "version": "22.2R4.1",
        "status": "unaffected",
        "lessThan": "22.2R4.1",
        "versionType": "semver"
      },
      {
        "version": "22.3R1",
        "status": "unaffected",
        "lessThan": "22.3R1",
        "versionType": "semver"
      },
      {
        "version": "22.4R1.1",
        "status": "unaffected",
        "lessThan": "22.4R1.1",
        "versionType": "semver"
      },
      {
        "version": "22.5R1.1",
        "status": "unaffected",
        "lessThan": "22.5R1.1",
        "versionType": "semver"
      },
      {
        "version": "22.6R1.1",
        "status": "unaffected",
        "lessThan": "22.6R1.1",
        "versionType": "semver"
      },
      {
        "version": "22.4R2.2",
        "status": "unaffected",
        "lessThan": "22.4R2.2",
        "versionType": "semver"
      },
      {
        "version": "22.5R2.2",
        "status": "unaffected",
        "lessThan": "22.5R2.2",
        "versionType": "semver"
      },
      {
        "version": "22.6R2.2",
        "status": "unaffected",
        "lessThan": "22.6R2.2",
        "versionType": "semver"
      }
    ]
  },
  {
    "vendor": "Ivant ",
    "product": "ICS",
    "versions": [
      {
        "version": "9.1R15.3",
        "status": "affected",
        "lessThan": "9.1R15.3",
        "versionType": "semver"
      }
    ]
  },
  {
    "vendor": "Ivanti",
    "product": "IPS",
    "versions": [
      {
        "version": "9.1R18.4",
        "status": "affected",
        "lessThan": "9.1R18.4",
        "versionType": "semver"
      },
      {
        "version": "9.1R17.3",
        "status": "affected",
        "lessThan": "9.1R17.3",
        "versionType": "semver"
      },
      {
        "version": "22.5R1.2",
        "status": "affected",
        "lessThan": "22.5R1.2",
        "versionType": "semver"
      },
      {
        "version": "9.1R18.2",
        "status": "unaffected",
        "lessThan": "9.1R18.2",
        "versionType": "semver"
      },
      {
        "version": "9.1R17.2",
        "status": "unaffected",
        "lessThan": "9.1R17.2",
        "versionType": "semver"
      },
      {
        "version": "22.5R1.1",
        "status": "unaffected",
        "lessThan": "22.5R1.1",
        "versionType": "semver"
      }
    ]
  }
]
