A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2024-01-12T17:02:16.481Z

Updated: 2024-08-01T22:35:33.413Z

Reserved: 2024-01-03T01:04:06.538Z

Link: CVE-2024-21887

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2024-01-12T17:15:10.017

Modified: 2024-11-29T15:21:57.970

Link: CVE-2024-21887

cve-icon Redhat

No data.