CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-21894

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In certain conditions this may lead to execution of arbitrary code

Exploit prediction scoring system (EPSS) score

EPSS Score 0.081

EPSS Ranking 91.7%

CVSS Severity

CVSS v3 Score 8.2

References

Products affected by CVE-2024-21894

Ivanti » Connect Secure » Version: 22.1

cpe:2.3:a:ivanti:connect_secure:22.1
Ivanti » Connect Secure » Version: 22.2

cpe:2.3:a:ivanti:connect_secure:22.2
Ivanti » Connect Secure » Version: 22.3

cpe:2.3:a:ivanti:connect_secure:22.3
Ivanti » Connect Secure » Version: 22.4

cpe:2.3:a:ivanti:connect_secure:22.4
Ivanti » Connect Secure » Version: 22.5

cpe:2.3:a:ivanti:connect_secure:22.5
Ivanti » Connect Secure » Version: 22.6

cpe:2.3:a:ivanti:connect_secure:22.6
Ivanti » Connect Secure » Version: 9.1

cpe:2.3:a:ivanti:connect_secure:9.1
Ivanti » Policy Secure » Version: 22.1

cpe:2.3:a:ivanti:policy_secure:22.1
Ivanti » Policy Secure » Version: 22.2

cpe:2.3:a:ivanti:policy_secure:22.2
Ivanti » Policy Secure » Version: 22.3

cpe:2.3:a:ivanti:policy_secure:22.3
Ivanti » Policy Secure » Version: 22.4

cpe:2.3:a:ivanti:policy_secure:22.4
Ivanti » Policy Secure » Version: 22.5

cpe:2.3:a:ivanti:policy_secure:22.5
Ivanti » Policy Secure » Version: 22.6

cpe:2.3:a:ivanti:policy_secure:22.6
Ivanti » Policy Secure » Version: 9.0

cpe:2.3:a:ivanti:policy_secure:9.0
Ivanti » Policy Secure » Version: 9.1

cpe:2.3:a:ivanti:policy_secure:9.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-21894

Products

Pricing

Contact Us