CVE-2024-29205 - Vulnerability Details

Vendors	Products
Ivanti	Connect Secure Policy Secure

Link	Providers
https://forums.ivanti.com/s/article/SA-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US

Type	Values Removed	Values Added
First Time appeared		Ivanti Ivanti connect Secure Ivanti policy Secure
CPEs		cpe:2.3:a:ivanti:connect_secure:::::::: cpe:2.3:a:ivanti:policy_secure::::::::
Vendors & Products		Ivanti Ivanti connect Secure Ivanti policy Secure
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-29205", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "state": "PUBLISHED", "assignerShortName": "hackerone", "dateReserved": "2024-03-19T01:04:06.323Z", "datePublished": "2024-04-24T23:12:51.923Z", "dateUpdated": "2024-10-03T21:30:48.706Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a remote unauthenticated attacker to send specially crafted requests in-order-to cause service disruptions."}], "affected": [{"defaultStatus": "unaffected", "vendor": "Ivanti", "product": "Connect Secure", "versions": [{"version": "9.1R18.5", "status": "affected", "lessThan": "9.1R18.5", "versionType": "semver"}, {"version": "22.6R2.3", "status": "affected", "lessThan": "22.6R2.3", "versionType": "semver"}, {"version": "9.1R17.4", "status": "affected", "lessThan": "9.1R17.4", "versionType": "semver"}, {"version": "22.2R3", "status": "affected", "lessThan": "22.2R3", "versionType": "semver"}, {"version": "22.5R2.4", "status": "affected", "lessThan": "22.5R2.4", "versionType": "semver"}, {"version": "9.1R14.6", "status": "affected", "lessThan": "9.1R14.6", "versionType": "semver"}, {"version": "9.1R16.4", "status": "affected", "lessThan": "9.1R16.4", "versionType": "semver"}, {"version": "9.1R15.4", "status": "affected", "lessThan": "9.1R15.4", "versionType": "semver"}, {"version": "22.2R4.2", "status": "affected", "lessThan": "22.2R4.2", "versionType": "semver"}, {"version": "22.4R1.2", "status": "affected", "lessThan": "22.4R1.2", "versionType": "semver"}, {"version": "22.6R1.2", "status": "affected", "lessThan": "22.6R1.2", "versionType": "semver"}, {"version": "22.1R6.2", "status": "affected", "lessThan": "22.1R6.2", "versionType": "semver"}, {"version": "22.3R1.2", "status": "affected", "lessThan": "22.3R1.2", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ivanti ", "product": "Connect Secure", "versions": [{"version": "22.4R2.4", "status": "affected", "lessThan": "22.4R2.4", "versionType": "semver"}, {"version": "22.5R1.3", "status": "affected", "lessThan": "22.5R1.3", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ivanti", "product": "Policy Secure", "versions": [{"version": "22.5R1.3", "status": "affected", "lessThan": "22.5R1.3", "versionType": "semver"}, {"version": "9.1R18.5", "status": "affected", "lessThan": "9.1R18.5", "versionType": "semver"}, {"version": "9.1R17.4", "status": "affected", "lessThan": "9.1R17.4", "versionType": "semver"}, {"version": "22.2R3", "status": "affected", "lessThan": "22.2R3", "versionType": "semver"}]}], "references": [{"url": "https://forums.ivanti.com/s/article/SA-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US"}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2024-04-24T23:12:51.923Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-703", "lang": "en", "description": "CWE-703 Improper Check or Handling of Exceptional Conditions"}]}], "affected": [{"vendor": "ivanti", "product": "connect_secure", "cpes": ["cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "9.1R18.5", "status": "affected"}, {"version": "22.6R2.3", "status": "affected"}, {"version": "9.1R17.4", "status": "affected"}, {"version": "22.2R3", "status": "affected"}, {"version": "22.5R2.4", "status": "affected"}, {"version": "9.1R14.6", "status": "affected"}, {"version": "9.1R15.4", "status": "affected"}, {"version": "22.2R4.2", "status": "affected"}, {"version": "22.4R1.2", "status": "affected"}, {"version": "22.6R1.2", "status": "affected"}, {"version": "22.1R6.2", "status": "affected"}, {"version": "22.3R1.2", "status": "affected"}, {"version": "22.4R2.4", "status": "affected"}, {"version": "22.5R1.3", "status": "affected"}]}, {"vendor": "ivanti", "product": "policy_secure", "cpes": ["cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "22.5R1.3", "status": "affected"}, {"version": "9.1R18.5", "status": "affected"}, {"version": "9.1R17.4", "status": "affected"}, {"version": "22.2R3", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-20T14:41:02.374802Z", "id": "CVE-2024-29205", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-03T21:30:48.706Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:10:54.619Z"}, "title": "CVE Program Container", "references": [{"url": "https://forums.ivanti.com/s/article/SA-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US", "tags": ["x_transferred"]}]}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2024-29205 (string)

assignerOrgId : 36234546-b8fa-4601-9d6f-f4e334aa8ea1 (string)

state : PUBLISHED (string)

assignerShortName : hackerone (string)

dateReserved : 2024-03-19T01:04:06.323Z (string)

datePublished : 2024-04-24T23:12:51.923Z (string)

dateUpdated : 2024-10-03T21:30:48.706Z (string)

}

containers : { »

cna : { »

descriptions : [ »

0 : { »

lang : en (string)

value : An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a remote unauthenticated attacker to send specially crafted requests in-order-to cause service disruptions. (string)

}

]

affected : [ »

0 : { »

defaultStatus : unaffected (string)

vendor : Ivanti (string)

product : Connect Secure (string)

versions : [ »

0 : { »

version : 9.1R18.5 (string)

status : affected (string)

lessThan : 9.1R18.5 (string)

versionType : semver (string)

}

1 : { »

version : 22.6R2.3 (string)

status : affected (string)

lessThan : 22.6R2.3 (string)

versionType : semver (string)

}

2 : { »

version : 9.1R17.4 (string)

status : affected (string)

lessThan : 9.1R17.4 (string)

versionType : semver (string)

}

3 : { »

version : 22.2R3 (string)

status : affected (string)

lessThan : 22.2R3 (string)

versionType : semver (string)

}

4 : { »

version : 22.5R2.4 (string)

status : affected (string)

lessThan : 22.5R2.4 (string)

versionType : semver (string)

}

5 : { »

version : 9.1R14.6 (string)

status : affected (string)

lessThan : 9.1R14.6 (string)

versionType : semver (string)

}

6 : { »

version : 9.1R16.4 (string)

status : affected (string)

lessThan : 9.1R16.4 (string)

versionType : semver (string)

}

7 : { »

version : 9.1R15.4 (string)

status : affected (string)

lessThan : 9.1R15.4 (string)

versionType : semver (string)

}

8 : { »

version : 22.2R4.2 (string)

status : affected (string)

lessThan : 22.2R4.2 (string)

versionType : semver (string)

}

9 : { »

version : 22.4R1.2 (string)

status : affected (string)

lessThan : 22.4R1.2 (string)

versionType : semver (string)

}

10 : { »

version : 22.6R1.2 (string)

status : affected (string)

lessThan : 22.6R1.2 (string)

versionType : semver (string)

}

11 : { »

version : 22.1R6.2 (string)

status : affected (string)

lessThan : 22.1R6.2 (string)

versionType : semver (string)

}

12 : { »

version : 22.3R1.2 (string)

status : affected (string)

lessThan : 22.3R1.2 (string)

versionType : semver (string)

}

]

}

1 : { »

defaultStatus : unaffected (string)

vendor : Ivanti (string)

product : Connect Secure (string)

versions : [ »

0 : { »

version : 22.4R2.4 (string)

status : affected (string)

lessThan : 22.4R2.4 (string)

versionType : semver (string)

}

1 : { »

version : 22.5R1.3 (string)

status : affected (string)

lessThan : 22.5R1.3 (string)

versionType : semver (string)

}

]

}

2 : { »

defaultStatus : unaffected (string)

vendor : Ivanti (string)

product : Policy Secure (string)

versions : [ »

0 : { »

version : 22.5R1.3 (string)

status : affected (string)

lessThan : 22.5R1.3 (string)

versionType : semver (string)

}

1 : { »

version : 9.1R18.5 (string)

status : affected (string)

lessThan : 9.1R18.5 (string)

versionType : semver (string)

}

2 : { »

version : 9.1R17.4 (string)

status : affected (string)

lessThan : 9.1R17.4 (string)

versionType : semver (string)

}

3 : { »

version : 22.2R3 (string)

status : affected (string)

lessThan : 22.2R3 (string)

versionType : semver (string)

}

]

}

]

references : [ »

0 : { »

url : https://forums.ivanti.com/s/article/SA-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US (string)

}

]

metrics : [ »

0 : { »

cvssV3_0 : { »

version : 3.0 (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

}

]

providerMetadata : { »

orgId : 36234546-b8fa-4601-9d6f-f4e334aa8ea1 (string)

shortName : hackerone (string)

dateUpdated : 2024-04-24T23:12:51.923Z (string)

}

adp : [ »

0 : { »

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : CWE (string)

cweId : CWE-703 (string)

lang : en (string)

description : CWE-703 Improper Check or Handling of Exceptional Conditions (string)

}

]

}

]

affected : [ »

0 : { »

vendor : ivanti (string)

product : connect_secure (string)

cpes : [ »

0 : cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:* (string)

]

defaultStatus : unaffected (string)

versions : [ »

0 : { »

version : 9.1R18.5 (string)

status : affected (string)

}

1 : { »

version : 22.6R2.3 (string)

status : affected (string)

}

2 : { »

version : 9.1R17.4 (string)

status : affected (string)

}

3 : { »

version : 22.2R3 (string)

status : affected (string)

}

4 : { »

version : 22.5R2.4 (string)

status : affected (string)

}

5 : { »

version : 9.1R14.6 (string)

status : affected (string)

}

6 : { »

version : 9.1R15.4 (string)

status : affected (string)

}

7 : { »

version : 22.2R4.2 (string)

status : affected (string)

}

8 : { »

version : 22.4R1.2 (string)

status : affected (string)

}

9 : { »

version : 22.6R1.2 (string)

status : affected (string)

}

10 : { »

version : 22.1R6.2 (string)

status : affected (string)

}

11 : { »

version : 22.3R1.2 (string)

status : affected (string)

}

12 : { »

version : 22.4R2.4 (string)

status : affected (string)

}

13 : { »

version : 22.5R1.3 (string)

status : affected (string)

}

]

}

1 : { »

vendor : ivanti (string)

product : policy_secure (string)

cpes : [ »

0 : cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:* (string)

]

defaultStatus : unaffected (string)

versions : [ »

0 : { »

version : 22.5R1.3 (string)

status : affected (string)

}

1 : { »

version : 9.1R18.5 (string)

status : affected (string)

}

2 : { »

version : 9.1R17.4 (string)

status : affected (string)

}

3 : { »

version : 22.2R3 (string)

status : affected (string)

}

]

}

]

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2024-06-20T14:41:02.374802Z (string)

id : CVE-2024-29205 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : yes (string)

}

2 : { »

Technical Impact : partial (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-10-03T21:30:48.706Z (string)

}

1 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T01:10:54.619Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://forums.ivanti.com/s/article/SA-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://forums.ivanti.com/s/article/SA-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:10:54.619Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-29205", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-20T14:41:02.374802Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*"], "vendor": "ivanti", "product": "connect_secure", "versions": [{"status": "affected", "version": "9.1R18.5"}, {"status": "affected", "version": "22.6R2.3"}, {"status": "affected", "version": "9.1R17.4"}, {"status": "affected", "version": "22.2R3"}, {"status": "affected", "version": "22.5R2.4"}, {"status": "affected", "version": "9.1R14.6"}, {"status": "affected", "version": "9.1R15.4"}, {"status": "affected", "version": "22.2R4.2"}, {"status": "affected", "version": "22.4R1.2"}, {"status": "affected", "version": "22.6R1.2"}, {"status": "affected", "version": "22.1R6.2"}, {"status": "affected", "version": "22.3R1.2"}, {"status": "affected", "version": "22.4R2.4"}, {"status": "affected", "version": "22.5R1.3"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*"], "vendor": "ivanti", "product": "policy_secure", "versions": [{"status": "affected", "version": "22.5R1.3"}, {"status": "affected", "version": "9.1R18.5"}, {"status": "affected", "version": "9.1R17.4"}, {"status": "affected", "version": "22.2R3"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-703", "description": "CWE-703 Improper Check or Handling of Exceptional Conditions"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-20T14:54:25.257Z"}}], "cna": {"metrics": [{"cvssV3_0": {"version": "3.0", "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}}], "affected": [{"vendor": "Ivanti", "product": "Connect Secure", "versions": [{"status": "affected", "version": "9.1R18.5", "lessThan": "9.1R18.5", "versionType": "semver"}, {"status": "affected", "version": "22.6R2.3", "lessThan": "22.6R2.3", "versionType": "semver"}, {"status": "affected", "version": "9.1R17.4", "lessThan": "9.1R17.4", "versionType": "semver"}, {"status": "affected", "version": "22.2R3", "lessThan": "22.2R3", "versionType": "semver"}, {"status": "affected", "version": "22.5R2.4", "lessThan": "22.5R2.4", "versionType": "semver"}, {"status": "affected", "version": "9.1R14.6", "lessThan": "9.1R14.6", "versionType": "semver"}, {"status": "affected", "version": "9.1R16.4", "lessThan": "9.1R16.4", "versionType": "semver"}, {"status": "affected", "version": "9.1R15.4", "lessThan": "9.1R15.4", "versionType": "semver"}, {"status": "affected", "version": "22.2R4.2", "lessThan": "22.2R4.2", "versionType": "semver"}, {"status": "affected", "version": "22.4R1.2", "lessThan": "22.4R1.2", "versionType": "semver"}, {"status": "affected", "version": "22.6R1.2", "lessThan": "22.6R1.2", "versionType": "semver"}, {"status": "affected", "version": "22.1R6.2", "lessThan": "22.1R6.2", "versionType": "semver"}, {"status": "affected", "version": "22.3R1.2", "lessThan": "22.3R1.2", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ivanti ", "product": "Connect Secure", "versions": [{"status": "affected", "version": "22.4R2.4", "lessThan": "22.4R2.4", "versionType": "semver"}, {"status": "affected", "version": "22.5R1.3", "lessThan": "22.5R1.3", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ivanti", "product": "Policy Secure", "versions": [{"status": "affected", "version": "22.5R1.3", "lessThan": "22.5R1.3", "versionType": "semver"}, {"status": "affected", "version": "9.1R18.5", "lessThan": "9.1R18.5", "versionType": "semver"}, {"status": "affected", "version": "9.1R17.4", "lessThan": "9.1R17.4", "versionType": "semver"}, {"status": "affected", "version": "22.2R3", "lessThan": "22.2R3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://forums.ivanti.com/s/article/SA-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US"}], "descriptions": [{"lang": "en", "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a remote unauthenticated attacker to send specially crafted requests in-order-to cause service disruptions."}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2024-04-24T23:12:51.923Z"}}}, "cveMetadata": {"cveId": "CVE-2024-29205", "state": "PUBLISHED", "dateUpdated": "2024-10-03T21:30:48.706Z", "dateReserved": "2024-03-19T01:04:06.323Z", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "datePublished": "2024-04-24T23:12:51.923Z", "assignerShortName": "hackerone"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://forums.ivanti.com/s/article/SA-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T01:10:54.619Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2024-29205 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : yes (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-06-20T14:41:02.374802Z (string)

}

]

affected : [ »

0 : { »

cpes : [ »

0 : cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:* (string)

]

vendor : ivanti (string)

product : connect_secure (string)

versions : [ »

0 : { »

status : affected (string)

version : 9.1R18.5 (string)

}

1 : { »

status : affected (string)

version : 22.6R2.3 (string)

}

2 : { »

status : affected (string)

version : 9.1R17.4 (string)

}

3 : { »

status : affected (string)

version : 22.2R3 (string)

}

4 : { »

status : affected (string)

version : 22.5R2.4 (string)

}

5 : { »

status : affected (string)

version : 9.1R14.6 (string)

}

6 : { »

status : affected (string)

version : 9.1R15.4 (string)

}

7 : { »

status : affected (string)

version : 22.2R4.2 (string)

}

8 : { »

status : affected (string)

version : 22.4R1.2 (string)

}

9 : { »

status : affected (string)

version : 22.6R1.2 (string)

}

10 : { »

status : affected (string)

version : 22.1R6.2 (string)

}

11 : { »

status : affected (string)

version : 22.3R1.2 (string)

}

12 : { »

status : affected (string)

version : 22.4R2.4 (string)

}

13 : { »

status : affected (string)

version : 22.5R1.3 (string)

}

]

defaultStatus : unaffected (string)

}

1 : { »

cpes : [ »

0 : cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:* (string)

]

vendor : ivanti (string)

product : policy_secure (string)

versions : [ »

0 : { »

status : affected (string)

version : 22.5R1.3 (string)

}

1 : { »

status : affected (string)

version : 9.1R18.5 (string)

}

2 : { »

status : affected (string)

version : 9.1R17.4 (string)

}

3 : { »

status : affected (string)

version : 22.2R3 (string)

}

]

defaultStatus : unaffected (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-703 (string)

description : CWE-703 Improper Check or Handling of Exceptional Conditions (string)

}

]

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-06-20T14:54:25.257Z (string)

}

]

cna : { »

metrics : [ »

0 : { »

cvssV3_0 : { »

version : 3.0 (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

}

]

affected : [ »

0 : { »

vendor : Ivanti (string)

product : Connect Secure (string)

versions : [ »

0 : { »

status : affected (string)

version : 9.1R18.5 (string)

lessThan : 9.1R18.5 (string)

versionType : semver (string)

}

1 : { »

status : affected (string)

version : 22.6R2.3 (string)

lessThan : 22.6R2.3 (string)

versionType : semver (string)

}

2 : { »

status : affected (string)

version : 9.1R17.4 (string)

lessThan : 9.1R17.4 (string)

versionType : semver (string)

}

3 : { »

status : affected (string)

version : 22.2R3 (string)

lessThan : 22.2R3 (string)

versionType : semver (string)

}

4 : { »

status : affected (string)

version : 22.5R2.4 (string)

lessThan : 22.5R2.4 (string)

versionType : semver (string)

}

5 : { »

status : affected (string)

version : 9.1R14.6 (string)

lessThan : 9.1R14.6 (string)

versionType : semver (string)

}

6 : { »

status : affected (string)

version : 9.1R16.4 (string)

lessThan : 9.1R16.4 (string)

versionType : semver (string)

}

7 : { »

status : affected (string)

version : 9.1R15.4 (string)

lessThan : 9.1R15.4 (string)

versionType : semver (string)

}

8 : { »

status : affected (string)

version : 22.2R4.2 (string)

lessThan : 22.2R4.2 (string)

versionType : semver (string)

}

9 : { »

status : affected (string)

version : 22.4R1.2 (string)

lessThan : 22.4R1.2 (string)

versionType : semver (string)

}

10 : { »

status : affected (string)

version : 22.6R1.2 (string)

lessThan : 22.6R1.2 (string)

versionType : semver (string)

}

11 : { »

status : affected (string)

version : 22.1R6.2 (string)

lessThan : 22.1R6.2 (string)

versionType : semver (string)

}

12 : { »

status : affected (string)

version : 22.3R1.2 (string)

lessThan : 22.3R1.2 (string)

versionType : semver (string)

}

]

defaultStatus : unaffected (string)

}

1 : { »

vendor : Ivanti (string)

product : Connect Secure (string)

versions : [ »

0 : { »

status : affected (string)

version : 22.4R2.4 (string)

lessThan : 22.4R2.4 (string)

versionType : semver (string)

}

1 : { »

status : affected (string)

version : 22.5R1.3 (string)

lessThan : 22.5R1.3 (string)

versionType : semver (string)

}

]

defaultStatus : unaffected (string)

}

2 : { »

vendor : Ivanti (string)

product : Policy Secure (string)

versions : [ »

0 : { »

status : affected (string)

version : 22.5R1.3 (string)

lessThan : 22.5R1.3 (string)

versionType : semver (string)

}

1 : { »

status : affected (string)

version : 9.1R18.5 (string)

lessThan : 9.1R18.5 (string)

versionType : semver (string)

}

2 : { »

status : affected (string)

version : 9.1R17.4 (string)

lessThan : 9.1R17.4 (string)

versionType : semver (string)

}

3 : { »

status : affected (string)

version : 22.2R3 (string)

lessThan : 22.2R3 (string)

versionType : semver (string)

}

]

defaultStatus : unaffected (string)

}

]

references : [ »

0 : { »

url : https://forums.ivanti.com/s/article/SA-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a remote unauthenticated attacker to send specially crafted requests in-order-to cause service disruptions. (string)

}

]

providerMetadata : { »

orgId : 36234546-b8fa-4601-9d6f-f4e334aa8ea1 (string)

shortName : hackerone (string)

dateUpdated : 2024-04-24T23:12:51.923Z (string)

}

cveMetadata : { »

cveId : CVE-2024-29205 (string)

state : PUBLISHED (string)

dateUpdated : 2024-10-03T21:30:48.706Z (string)

dateReserved : 2024-03-19T01:04:06.323Z (string)

assignerOrgId : 36234546-b8fa-4601-9d6f-f4e334aa8ea1 (string)

datePublished : 2024-04-24T23:12:51.923Z (string)

assignerShortName : hackerone (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"descriptions": [{"lang": "en", "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a remote unauthenticated attacker to send specially crafted requests in-order-to cause service disruptions."}, {"lang": "es", "value": "Una vulnerabilidad de verificaci\u00f3n inadecuada de condiciones inusuales o excepcionales en el componente web de Ivanti Connect Secure (9.x, 22.x) e Ivanti Policy Secure (9.x, 22.x) permite a un atacante remoto no autenticado enviar solicitudes especialmente manipuladas en -orden-para causar interrupciones en el servicio."}], "id": "CVE-2024-29205", "lastModified": "2024-11-21T09:07:48.940", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "support@hackerone.com", "type": "Secondary"}]}, "published": "2024-04-25T06:15:57.923", "references": [{"source": "support@hackerone.com", "url": "https://forums.ivanti.com/s/article/SA-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://forums.ivanti.com/s/article/SA-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-703"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{

descriptions : [ »

0 : { »

lang : en (string)

value : An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a remote unauthenticated attacker to send specially crafted requests in-order-to cause service disruptions. (string)

}

1 : { »

lang : es (string)

value : Una vulnerabilidad de verificación inadecuada de condiciones inusuales o excepcionales en el componente web de Ivanti Connect Secure (9.x, 22.x) e Ivanti Policy Secure (9.x, 22.x) permite a un atacante remoto no autenticado enviar solicitudes especialmente manipuladas en -orden-para causar interrupciones en el servicio. (string)

}

]

id : CVE-2024-29205 (string)

lastModified : 2024-11-21T09:07:48.940 (string)

metrics : { »

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : support@hackerone.com (string)

type : Secondary (string)

}

]

}

published : 2024-04-25T06:15:57.923 (string)

references : [ »

0 : { »

source : support@hackerone.com (string)

url : https://forums.ivanti.com/s/article/SA-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://forums.ivanti.com/s/article/SA-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US (string)

}

]

sourceIdentifier : support@hackerone.com (string)

vulnStatus : Awaiting Analysis (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-703 (string)

}

]

source : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

type : Secondary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object