CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-22024

An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.943

EPSS Ranking 99.9%

CVSS Severity

CVSS v3 Score 8.3

References

https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US
https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US

Products affected by CVE-2024-22024

Ivanti » Connect Secure » Version: 22.4

cpe:2.3:a:ivanti:connect_secure:22.4
Ivanti » Connect Secure » Version: 22.5

cpe:2.3:a:ivanti:connect_secure:22.5
Ivanti » Connect Secure » Version: 9.1

cpe:2.3:a:ivanti:connect_secure:9.1
Ivanti » Policy Secure » Version: 22.5

cpe:2.3:a:ivanti:policy_secure:22.5
Ivanti » Zero Trust Access » Version: 22.6

cpe:2.3:a:ivanti:zero_trust_access:22.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-22024

Products

Pricing

Contact Us