17 matches found
EUVD-2024-19629
Malicious code in bioql PyPI...
EUVD-2023-40502
Malicious code in bioql PyPI...
CVE-2023-36555
An improper neutralization of script-related HTML tags in a web page (basic XSS) in Fortinet FortiOS 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via the SAML and Security Fabric components...
SUSE CVE-2024-21893
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure 9.x, 22.x and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication...
CVE-2024-22023
An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporarily cause resource exhaustion thereby resulting in a limited-time DoS...
CVE-2024-22023
CVE-2024-22023 describes an XML entity expansion (XEE) vulnerability in the SAML component of Ivanti Connect Secure and Ivanti Policy Secure (versions 9.x–22.x). An unauthenticated attacker can send specially crafted XML requests to trigger resource exhaustion and temporary DoS. The provided docu...
CVE-2024-22023
An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporarily cause resource exhaustion thereby resulting in a limited-time DoS...
CVE-2024-22024
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure 9.x, 22.x, Ivanti Policy Secure 9.x, 22.x and ZTA gateways which allows an attacker to access certain restricted resources without authentication...
CVE-2024-22024
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure 9.x, 22.x, Ivanti Policy Secure 9.x, 22.x and ZTA gateways which allows an attacker to access certain restricted resources without authentication. Recent assessments: cbeek-r7 at February 09, 2024 3:26pm UT...
Ivanti Connect Secure Server-Side Request Forgery
Added: 02/05/2024. Background: Ivanti Connect Secure is a web-based remote access VPN. Problem: A server-side request forgery vulnerability in the SAML component allows attackers to access restricted resources without authentication. This can lead to remote command execution when chained with other...
Exploit for Server-Side Request Forgery in Ivanti Connect_Secure
CVE-2024-21893 is a server-side request forgery vulnerability in...
CVE-2024-21893
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure 9.x, 22.x and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication...
Server-side request forgery (SSRF)
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure 9.x, 22.x and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication...
CVE-2024-21893
Technical details about CVE-2024-21893 are not provided in the connected documents. The initial description notes an SSRF vulnerability in Ivanti products, but there are no product/version specifics or remediation details here. Monitor for updates.
PT-2024-1620 · Ivanti · Ivanti Policy Secure +2
Name of the Vulnerable Software and Affected Versions: Ivanti Connect Secure versions 9.x through 22.x; Ivanti Policy Secure versions 9.x through 22.x; Ivanti Neurons for Zero Trust Access (nZTA), affected versions not specified. Description: The issue is related to an XML external entity (XXE)...
CVE-2024-21893
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure 9.x, 22.x and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication. Recent assessments: ccondon-r7 at February 02, 2024...
Zero-Day Exploitation of Ivanti Connect Secure and Policy Secure Gateways
Information on these vulnerabilities has evolved considerably since this blog was originally published on January 11, 2024. Customers should refer to Ivanti's two advisories, KB article, and recovery guidance for the latest updates. On Wednesday, January 10, 2024, Ivanti disclosed two zero-day...