A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.
References
Configurations
Configuration 1 (hide)
|
History
31 Jan 2024, 19:54
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-31 18:15
Updated : 2024-02-01 02:00
NVD link : CVE-2024-21893
Mitre link : CVE-2024-21893
CVE.ORG link : CVE-2024-21893
JSON object : View
Products Affected
ivanti
- policy_secure
- connect_secure
- neurons_for_zero-trust_access
CWE
CWE-918
Server-Side Request Forgery (SSRF)