← Back to CVEs
CVE-2024-21893
HIGHCISA KEV8.2
Description
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.
CVE Details
CVSS v3.1 Score8.2
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published1/31/2024
Last Modified10/30/2025
Sourcekev
Honeypot Sightings0
CISA KEV
VendorIvanti
ProductConnect Secure, Policy Secure, and Neurons
Vulnerability NameIvanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) Vulnerability
KEV Date Added2024-01-31
Remediation Due Date2024-02-02
Ransomware UseKnown
Affected Products
ivanti:connect_secureivanti:neurons_for_zero-trust_accessivanti:policy_secure
Weaknesses (CWE)
CWE-918CWE-918
References
https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US(support@hackerone.com)
https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-21893(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.