An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.
References
Link | Resource |
---|---|
https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: hackerone
Published: 2024-02-13T04:07:04.355Z
Updated: 2024-02-13T04:07:04.355Z
Reserved: 2024-01-04T01:04:06.574Z
Link: CVE-2024-22024
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-02-13T04:15:07.943
Modified: 2024-02-13T15:15:32.193
Link: CVE-2024-22024
JSON object: View
Redhat Information
No data.
CWE