Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-21888

Опубликовано: 31 янв. 2024
Источник: nvd
CVSS3: 8.8
CVSS3: 8.8
EPSS Средний

Описание

A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ivanti:connect_secure:9.0:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.0:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.0:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.0:r2.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.0:r3:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.0:r3.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.0:r3.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.0:r3.3:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.0:r3.5:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.0:r4:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.0:r4.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.0:r5.0:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.0:r6.0:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r10:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r11:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r11.4:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r11.5:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r12:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r12.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r13:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r13.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r14:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r15:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r15.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r16:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r16.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r17:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r17.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r18:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r18.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r18.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r8.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r9:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r9.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:21.9:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:21.12:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.1:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.1:r6:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.2:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.2:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.3:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.4:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.4:r2.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.6:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.6:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.6:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.6:r2.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.0:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.0:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.0:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.0:r2.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.0:r3:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.0:r3.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.0:r4:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r10:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r11:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r12:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r13:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r13.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r14:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r15:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r16:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r17:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r18:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r18.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r18.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r3.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r4.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r4.3:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r8:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r8.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r8.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r9:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.1:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.1:r6:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.2:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.2:r3:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.3:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.3:r3:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.4:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.4:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.4:r2.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.5:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.6:r1:*:*:*:*:*:*

EPSS

Процентиль: 98%
0.64004
Средний

8.8 High

CVSS3

8.8 High

CVSS3

Дефекты

NVD-CWE-noinfo
CWE-269

Связанные уязвимости

github логотип

GHSA-24gf-6m5f-h6pg

CVSS3: 8.8
github
почти 2 года назад

A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator.

fstec логотип

BDU:2024-00974

CVSS3: 8.8
fstec
почти 2 года назад

Уязвимость веб-компонента средств контроля сетевого доступа Ivanti Connect Secure и Ivanti Policy Secure, позволяющая нарушителю

fstec логотип

BDU:2024-01028

CVSS3: 8.2
fstec
почти 2 года назад

Уязвимость компонента SAML средств контроля сетевого доступа Ivanti Connect Secure и Ivanti Policy Secure, позволяющая нарушителю раскрыть защищаемую информацию

EPSS

Процентиль: 98%
0.64004
Средний

8.8 High

CVSS3

8.8 High

CVSS3

Дефекты

NVD-CWE-noinfo
CWE-269