A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
References
Configurations
Configuration 1 (hide)
|
History
22 Jan 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 Jan 2024, 02:00
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
12 Jan 2024, 20:46
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-77 | |
First Time |
Ivanti policy Secure
Ivanti Ivanti connect Secure |
|
References | () https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US - Vendor Advisory | |
CPE | cpe:2.3:a:ivanti:connect_secure:9.1:r12.1:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r18:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r11:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r4.1:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r11.4:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.5:r2.1:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r8.2:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r14:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:22.6:r1:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r9:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r11:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r13:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r8.2:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r18:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:22.2:r1:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:22.4:r2.1:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r15.2:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.1:r6:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.0:*:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.2:r1:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r17:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r17:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:22.1:r6:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.6:r1:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:22.5:r2.1:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.4:r1:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r12:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.6:-:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r11.5:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.1:r1:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r16.1:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.2:-:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:22.4:r1:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:22.2:r3:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r14:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r9:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:22.1:r1:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r12:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r10:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r17.1:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r8:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:22.5:r1:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r15:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r16:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r3.1:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r15:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r13.1:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.6:r2:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.3:r1:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r10:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r13.1:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r8.1:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:22.4:r2:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r16:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r13:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:9.1:r9.1:*:*:*:*:*:* cpe:2.3:a:ivanti:connect_secure:22.4:r2.1:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:22.3:r3:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:* cpe:2.3:a:ivanti:policy_secure:22.3:r1:*:*:*:*:*:* |
12 Jan 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-12 17:15
Updated : 2024-01-22 17:15
NVD link : CVE-2024-21887
Mitre link : CVE-2024-21887
CVE.ORG link : CVE-2024-21887
JSON object : View
Products Affected
ivanti
- policy_secure
- connect_secure
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')