← Volver a CVEs
CVE-2024-21893
HIGHCISA KEV8.2
Descripcion
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.
Detalles CVE
Puntuacion CVSS v3.18.2
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado1/31/2024
Ultima modificacion10/30/2025
Fuentekev
Avistamientos honeypot0
CISA KEV
VendedorIvanti
ProductoConnect Secure, Policy Secure, and Neurons
Nombre vulnerabilidadIvanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) Vulnerability
Fecha inclusion KEV2024-01-31
Fecha limite remediacion2024-02-02
Uso en ransomwareKnown
Productos afectados
ivanti:connect_secureivanti:neurons_for_zero-trust_accessivanti:policy_secure
Debilidades (CWE)
CWE-918CWE-918
Referencias
https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US(support@hackerone.com)
https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-21893(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.