A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.
History

Fri, 29 Nov 2024 15:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.2:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.2:r4:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.2:r5:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.3:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.3:r4:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.4:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.4:r3:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.5:r1.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.5:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.6:r1.2:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_zero-trust_access:22.6:r1:*:*:*:*:*:*

cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2024-01-31T17:51:35.095Z

Updated: 2024-08-01T22:35:33.414Z

Reserved: 2024-01-03T01:04:06.539Z

Link: CVE-2024-21893

cve-icon Vulnrichment

Updated: 2024-08-01T22:35:33.414Z

cve-icon NVD

Status : Analyzed

Published: 2024-01-31T18:15:47.437

Modified: 2024-11-29T15:16:27.133

Link: CVE-2024-21893

cve-icon Redhat

No data.