Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
hiveproHive ProHIVEPRO:3C742F4F19F59475725D73BE9A78D683
HistoryFeb 12, 2024 - 11:47 a.m.

Ivanti Addresses Yet Another VPN Flaw Within a Month

2024-02-1211:47:34
Hive Pro
www.hivepro.com
15
ivanti
vpn flaw
cve-2024-22024
zta
policy
connect secure
saml
xxe
remote attackers
threat advisory
pdf file
hiveforce labs
linkedin

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

86.3%

JSON

Summary: Ivanti has addressed a newly discovered vulnerability impacting ZTA, Policy, and Connect Secure gateways. Tracked as CVE-2024-22024, this vulnerability stems from a weakness in the SAML component of the gateways related to XXE (XML eXternal Entities), enabling remote attackers to access restricted resources. Threat Level - Red | Vulnerability Report For a detailed threat advisory, download the pdf file here To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.

Related

impervablog 1
cve 1
githubexploit 2
attackerkb 1
akamaiblog 1
cvelist 1
prion 1
nuclei 1
malwarebytes 1
thn 3
nessus 2
ics 1
impervablog
impervablog
Imperva defends customers against CVE-2024-22024 in Ivanti products
2024-02-13 22:18:53
cve
cve
CVE-2024-22024
2024-02-13 04:15:07
githubexploit
githubexploit
Exploit for Improper Restriction of XML External Entity Reference in Ivanti Connect Secure
2024-02-10 06:23:44
Exploit for Improper Restriction of XML External Entity Reference in Ivanti Connect Secure
2024-02-09 14:31:56
attackerkb
attackerkb
CVE-2024-22024
2024-02-13 00:00:00
akamaiblog
akamaiblog
Scanning Activity for CVE-2024-22024 (XXE) Vulnerability in Ivanti
2024-02-14 06:00:00
cvelist
cvelist
CVE-2024-22024
2024-02-13 04:07:04
prion
prion
Xxe
2024-02-13 04:15:00
nuclei
nuclei
Ivanti Connect Secure - XXE
2024-02-09 07:59:13
malwarebytes
malwarebytes
Ivanti urges customers to patch yet another critical vulnerability
2024-02-09 18:13:42
thn
thn
Ivanti Pulse Secure Found Using 11-Year-Old Linux Version and Outdated Libraries
2024-02-15 14:20:00
Warning: New Ivanti Auth Bypass Flaw Affects Connect Secure and ZTA Gateways
2024-02-09 03:35:00
Five Eyes Agencies Warn of Active Exploitation of Ivanti Gateway Vulnerabilities
2024-03-01 06:26:00
nessus
nessus
Ivanti Connect Secure 9.x / 22.x Multiple Vulnerabilities
2024-01-10 00:00:00
Ivanti Policy Secure 9.x / 22.x Multiple Vulnerabilities
2024-02-09 00:00:00
ics
ics
Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways
2024-02-29 12:00:00

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

86.3%

JSON
Related for HIVEPRO:3C742F4F19F59475725D73BE9A78D683
impervablog1cve1githubexploit2attackerkb1akamaiblog1cvelist1prion1nuclei1malwarebytes1thn3nessus2ics1