CVE-2024-9844

Опубликовано: 10 дек. 2024

Источник: nvd

CVSS3: 7.1

CVSS3: 8.8

EPSS Низкий

Описание

Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker to bypass restrictions.

Ссылки

https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*

Версия до 22.7 (исключая)

cpe:2.3:a:ivanti:connect_secure:22.7:-:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:22.7:r1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:22.7:r1.1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:22.7:r1.2:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:22.7:r1.3:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:22.7:r1.4:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:22.7:r1.5:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:22.7:r2:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:22.7:r2.1:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:22.7:r2.2:*:*:*:*:*:*

cpe:2.3:a:ivanti:connect_secure:22.7:r2.3:*:*:*:*:*:*

EPSS

Процентиль: 55%

0.00327

Низкий

7.1 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-602

NVD-CWE-Other

Связанные уязвимости

GHSA-7g9r-c948-vw87

CVSS3: 7.1

github

около 1 года назад

Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker to bypass restrictions.

EPSS

Процентиль: 55%

0.00327

Низкий

7.1 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-602

NVD-CWE-Other