CVE-2024-21893
HIGH | CISA KEV | 8.2
Description
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.
CVE Details
CVSS v3.1 score: 8.2
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 1/31/2024
Last modified: 10/30/2025
Source: kev
Honeypot sightings: 0
CISA KEV
Vendor: Ivanti
Product: Connect Secure, Policy Secure, and Neurons
Vulnerability name: Ivanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) Vulnerability
KEV date added: 2024-01-31
Remediation due date: 2024-02-02
Ransomware use: Known
Affected products
ivanti:connect_secure
ivanti:neurons_for_zero-trust_access
ivanti:policy_secure
Weaknesses (CWE)
CWE-918
References
https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US (support@hackerone.com)
https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-21893 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.