Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistHackeroneCVELIST:CVE-2024-22024
HistoryFeb 13, 2024 - 4:07 a.m.

CVE-2024-22024

2024-02-1304:07:04
hackerone
www.cve.org
xml
xxe
saml
ivanti
connect secure
policy secure
zta gateways
authentication

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

8.4 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.4%

JSON

An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.

CNA Affected

[
  {
    "vendor": "Ivanti",
    "product": "ICS",
    "versions": [
      {
        "version": "9.1R14.5",
        "status": "affected",
        "lessThan": "9.1R14.5",
        "versionType": "semver"
      },
      {
        "version": "9.1R17.3",
        "status": "affected",
        "lessThan": "9.1R17.3",
        "versionType": "semver"
      },
      {
        "version": "9.1R18.4",
        "status": "affected",
        "lessThan": "9.1R18.4",
        "versionType": "semver"
      },
      {
        "version": "22.1R6.1",
        "status": "affected",
        "lessThan": "22.1R6.1",
        "versionType": "semver"
      },
      {
        "version": "9.1R14.4",
        "status": "unaffected",
        "lessThan": "9.1R14.4",
        "versionType": "semver"
      },
      {
        "version": "9.1R15.2",
        "status": "unaffected",
        "lessThan": "9.1R15.2",
        "versionType": "semver"
      },
      {
        "version": "9.1R16.2",
        "status": "unaffected",
        "lessThan": "9.1R16.2",
        "versionType": "semver"
      },
      {
        "version": "9.1R17.2",
        "status": "unaffected",
        "lessThan": "9.1R17.2",
        "versionType": "semver"
      },
      {
        "version": "9.1R18.3",
        "status": "unaffected",
        "lessThan": "9.1R18.3",
        "versionType": "semver"
      },
      {
        "version": "22.1R6.1",
        "status": "unaffected",
        "lessThan": "22.1R6.1",
        "versionType": "semver"
      },
      {
        "version": "22.2R4.1",
        "status": "affected",
        "lessThan": "22.2R4.1",
        "versionType": "semver"
      },
      {
        "version": "22.3R1.1",
        "status": "affected",
        "lessThan": "22.3R1.1",
        "versionType": "semver"
      },
      {
        "version": "22.4R1.1",
        "status": "affected",
        "lessThan": "22.4R1.1",
        "versionType": "semver"
      },
      {
        "version": "22.5R1.2",
        "status": "affected",
        "lessThan": "22.5R1.2",
        "versionType": "semver"
      },
      {
        "version": "22.6R1.1",
        "status": "affected",
        "lessThan": "22.6R1.1",
        "versionType": "semver"
      },
      {
        "version": "22.4R2.3",
        "status": "affected",
        "lessThan": "22.4R2.3",
        "versionType": "semver"
      },
      {
        "version": "22.5R2.3",
        "status": "affected",
        "lessThan": "22.5R2.3",
        "versionType": "semver"
      },
      {
        "version": "22.6R2.2",
        "status": "affected",
        "lessThan": "22.6R2.2",
        "versionType": "semver"
      },
      {
        "version": "22.2R4.1",
        "status": "unaffected",
        "lessThan": "22.2R4.1",
        "versionType": "semver"
      },
      {
        "version": "22.3R1",
        "status": "unaffected",
        "lessThan": "22.3R1",
        "versionType": "semver"
      },
      {
        "version": "22.4R1.1",
        "status": "unaffected",
        "lessThan": "22.4R1.1",
        "versionType": "semver"
      },
      {
        "version": "22.5R1.1",
        "status": "unaffected",
        "lessThan": "22.5R1.1",
        "versionType": "semver"
      },
      {
        "version": "22.6R1.1",
        "status": "unaffected",
        "lessThan": "22.6R1.1",
        "versionType": "semver"
      },
      {
        "version": "22.4R2.2",
        "status": "unaffected",
        "lessThan": "22.4R2.2",
        "versionType": "semver"
      },
      {
        "version": "22.5R2.2",
        "status": "unaffected",
        "lessThan": "22.5R2.2",
        "versionType": "semver"
      },
      {
        "version": "22.6R2.2",
        "status": "unaffected",
        "lessThan": "22.6R2.2",
        "versionType": "semver"
      }
    ]
  },
  {
    "vendor": "Ivant ",
    "product": "ICS",
    "versions": [
      {
        "version": "9.1R15.3",
        "status": "affected",
        "lessThan": "9.1R15.3",
        "versionType": "semver"
      }
    ]
  },
  {
    "vendor": "Ivanti",
    "product": "IPS",
    "versions": [
      {
        "version": "9.1R18.4",
        "status": "affected",
        "lessThan": "9.1R18.4",
        "versionType": "semver"
      },
      {
        "version": "9.1R17.3",
        "status": "affected",
        "lessThan": "9.1R17.3",
        "versionType": "semver"
      },
      {
        "version": "22.5R1.2",
        "status": "affected",
        "lessThan": "22.5R1.2",
        "versionType": "semver"
      },
      {
        "version": "9.1R18.2",
        "status": "unaffected",
        "lessThan": "9.1R18.2",
        "versionType": "semver"
      },
      {
        "version": "9.1R17.2",
        "status": "unaffected",
        "lessThan": "9.1R17.2",
        "versionType": "semver"
      },
      {
        "version": "22.5R1.1",
        "status": "unaffected",
        "lessThan": "22.5R1.1",
        "versionType": "semver"
      }
    ]
  }
]

Related

githubexploit 2
hivepro 1
impervablog 1
nvd 1
cve 1
prion 1
akamaiblog 1
nuclei 1
attackerkb 1
malwarebytes 1
thn 3
nessus 2
ics 1
githubexploit
githubexploit
Exploit for Improper Restriction of XML External Entity Reference in Ivanti Connect Secure
2024-02-09 14:31:56
Exploit for Improper Restriction of XML External Entity Reference in Ivanti Connect Secure
2024-02-10 06:23:44
hivepro
hivepro
Ivanti Addresses Yet Another VPN Flaw Within a Month
2024-02-12 11:47:34
impervablog
impervablog
Imperva defends customers against CVE-2024-22024 in Ivanti products
2024-02-13 22:18:53
nvd
nvd
CVE-2024-22024
2024-02-13 04:15:07
cve
cve
CVE-2024-22024
2024-02-13 04:15:07
prion
prion
Xxe
2024-02-13 04:15:00
akamaiblog
akamaiblog
Scanning Activity for CVE-2024-22024 (XXE) Vulnerability in Ivanti
2024-02-14 06:00:00
nuclei
nuclei
Ivanti Connect Secure - XXE
2024-02-09 07:59:13
attackerkb
attackerkb
CVE-2024-22024
2024-02-13 00:00:00
malwarebytes
malwarebytes
Ivanti urges customers to patch yet another critical vulnerability
2024-02-09 18:13:42
thn
thn
Ivanti Pulse Secure Found Using 11-Year-Old Linux Version and Outdated Libraries
2024-02-15 14:20:00
Five Eyes Agencies Warn of Active Exploitation of Ivanti Gateway Vulnerabilities
2024-03-01 06:26:00
Warning: New Ivanti Auth Bypass Flaw Affects Connect Secure and ZTA Gateways
2024-02-09 03:35:00
nessus
nessus
Ivanti Policy Secure 9.x / 22.x Multiple Vulnerabilities
2024-02-09 00:00:00
Ivanti Connect Secure 9.x / 22.x Multiple Vulnerabilities
2024-01-10 00:00:00
ics
ics
Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways
2024-02-29 12:00:00

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

8.4 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.4%

JSON
Related for CVELIST:CVE-2024-22024
githubexploit2hivepro1impervablog1nvd1cve1prion1akamaiblog1nuclei1attackerkb1malwarebytes1thn3nessus2ics1