Description
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.
References
- Vendor Advisory
- Vendor Advisory
- US Government Resource
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:ivanti:connect_secure:9.0:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.0:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.0:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.0:r2.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.0:r3:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.0:r3.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.0:r3.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.0:r3.3:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.0:r3.5:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.0:r4:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.0:r4.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.0:r5.0:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.0:r6.0:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r10:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r11:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r11.4:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r11.5:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r12:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r12.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r13:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r13.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r14:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r15:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r15.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r16:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r16.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r17:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r17.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r18:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r18.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r18.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r8.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r9:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:9.1:r9.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:21.9:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:21.12:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.1:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.1:r6:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.2:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.2:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.3:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.4:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.4:r2.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.6:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.6:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.6:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:22.6:r2.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.0:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.0:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.0:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.0:r2.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.0:r3:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.0:r3.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.0:r4:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r10:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r11:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r12:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r13:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r13.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r14:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r15:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r16:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r17:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r18:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r18.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r18.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r3.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r4.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r4.3:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r8:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r8.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r8.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:9.1:r9:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.1:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.1:r6:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.2:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.2:r3:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.3:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.3:r3:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.4:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.4:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.4:r2.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.5:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:policy_secure:22.6:r1:*:*:*:*:*:*
Configuration 2
One of
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:-:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.2:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.2:r4:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.2:r5:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.3:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.3:r4:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.4:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.4:r3:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.5:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.5:r1.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.6:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.6:r1.2:*:*:*:*:*:*
EPSS
Percentile: 100%
0.9432
Critical
8.2 High
CVSS3
8.2 High
CVSS3
Weaknesses
CWE-918
CWE-918
Related vulnerabilities
CVSS3: 8.2
github
almost 2 years ago
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.
CVSS3: 8.2
fstec
almost 2 years ago
A vulnerability in the SAML component of the Ivanti Connect Secure and Ivanti Policy Secure network access control products that allows an attacker to disclose protected information