cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-22024,https://securityvulnerability.io/vulnerability/CVE-2024-22024,Ivanti Connect Secure XML External Entity Vulnerability,"An XML external entity (XXE) vulnerability exists in the SAML component of Ivanti Connect Secure and Ivanti Policy Secure products, along with ZTA gateways. This vulnerability can be exploited by an attacker, allowing unauthorized access to specific restricted resources without proper authentication. Given this flaw, organizations using affected versions are urged to apply necessary security measures to mitigate potential security risks associated with unauthorized access.",Ivanti,"ICS,IPS",8.3,HIGH,0.016510000452399254,false,true,true,true,true,true,true,2024-02-13T04:07:04.355Z,18183
CVE-2024-21893,https://securityvulnerability.io/vulnerability/CVE-2024-21893,Server-Side Request Forgery Vulnerability in Ivanti Connect Secure,"A server-side request forgery vulnerability exists in the SAML component of Ivanti Connect Secure and Ivanti Policy Secure. This flaw permits attackers to access restricted resources without proper authentication, potentially leading to unauthorized actions within the affected systems. The vulnerability impacts multiple versions of both products, creating significant security concerns for organizations that rely on them for secure connectivity and policy enforcement.",Ivanti,"ICS,IPS",8.2,HIGH,0.9598100185394287,true,true,true,true,true,true,true,2024-01-31T17:51:35.095Z,19360
CVE-2024-21888,https://securityvulnerability.io/vulnerability/CVE-2024-21888,Privilege Escalation Vulnerability Affects Ivanti Connect Secure and Policy Secure,"A vulnerability exists in the web components of Ivanti Connect Secure and Ivanti Policy Secure, allowing an authenticated user to escalate their privileges to that of an administrator. This could potentially lead to unauthorized access to sensitive functions and data, significantly compromising the security of affected systems. It is crucial for users of the specified versions to apply any available security patches and follow best practices for securing their installations.",Ivanti,"ICS,IPS",8.8,HIGH,0.0005799999926239252,false,true,true,true,,false,false,2024-01-31T17:51:34.941Z,0
CVE-2024-21887,https://securityvulnerability.io/vulnerability/CVE-2024-21887,Ivanti Connect Secure Command Injection Vulnerability,"A command injection vulnerability exists in the web components of Ivanti Connect Secure and Ivanti Policy Secure. This issue arises when an authenticated administrator is able to send specially crafted requests, which may allow the execution of arbitrary commands on the affected appliance. This vulnerability poses significant risks as it can potentially compromise the integrity and confidentiality of the system. Administrators are urged to apply necessary mitigations and updates to prevent exploitation.",Ivanti,"ICS,IPS",9.1,CRITICAL,0.9710800051689148,true,true,true,true,true,true,false,2024-01-12T17:02:16.481Z,13452
CVE-2023-46805,https://securityvulnerability.io/vulnerability/CVE-2023-46805,Remote Authentication Bypass Vulnerability Affects Ivanti ICS and Policy Secure,"An identified authentication bypass vulnerability within the web component of Ivanti Connect Secure, including both the 9.x and 22.x versions, along with Ivanti Policy Secure, allows remote attackers to access restricted resources without proper authorization. This vulnerability compromises the integrity of control checks, enabling unauthorized users to bypass security measures and gain access to sensitive areas within the systems.",Ivanti,"ICS,IPS",8.2,HIGH,0.9640499949455261,true,true,true,true,true,true,true,2024-01-12T17:02:16.452Z,31955