Severity Level: High
Title:
CVE-2024-22024 (XXE) for Ivanti Connect Secure and Ivanti Policy Secure
Timestamp:
Thursday February 8, 2024
Summary:
An XML external entity (XXE) vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways allows an attacker to access certain restricted resources without authentication.
Affected System:
Ivanti Connect Secure (versions 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2, 22.5R1.1, and 22.5R2.2)
Ivanti Policy Secure version 22.5R1.1 and ZTA version 22.6R1.3
Recommendations:
Follow the recommended upgrade path.
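Because the flaw described in the Summary is an XXE in SAML handling, one detection check while upgrades are rolled out is to decode SAML parameters seen in web or proxy logs and flag any that carry a DTD. The following is an added example, not Ivanti's code and not part of the original advisory; it assumes the standard SAML binding parameter names (SAMLRequest, SAMLResponse), since the advisory names no endpoint or parameter, and its sample messages are constructed.

```python
import base64
import re
import zlib
from urllib.parse import parse_qs, quote, urlsplit

# A SAML protocol message has no need for a DTD, so a DOCTYPE or ENTITY
# declaration inside one is a strong signal of an XXE attempt.
DTD_MARKER = re.compile(rb"<!(?:DOCTYPE|ENTITY)\b", re.IGNORECASE)
SAML_PARAMS = ("SAMLRequest", "SAMLResponse")  # assumed: standard SAML binding parameters


def decoded_forms(value: str) -> list[bytes]:
    """Base64-decode one parameter value; also inflate it if it is raw DEFLATE."""
    value = value.replace(" ", "+")  # parse_qs turns an unescaped '+' into a space
    raw = base64.b64decode(value + "=" * (-len(value) % 4))
    forms = [raw]  # HTTP-POST binding: plain base64 XML
    try:
        forms.append(zlib.decompress(raw, -15))  # HTTP-Redirect binding
    except zlib.error:
        pass
    # Dropping NUL bytes lets the ASCII pattern also match UTF-16 encoded XML.
    return [f.replace(b"\x00", b"") for f in forms]


def saml_dtd_findings(url_or_body: str) -> list[str]:
    """Return the SAML parameters whose decoded XML carries a DTD declaration."""
    query = urlsplit(url_or_body).query or url_or_body
    hits = []
    for name in SAML_PARAMS:
        for value in parse_qs(query).get(name, []):
            try:
                forms = decoded_forms(value)
            except ValueError:  # not valid base64
                continue
            if any(DTD_MARKER.search(f) for f in forms):
                hits.append(name)
    return hits


# Constructed samples, not captured traffic; the DTD declares only a harmless
# internal entity.
SAMPLE_BENIGN = b'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_a1"/>'
SAMPLE_WITH_DTD = b'<?xml version="1.0"?><!DOCTYPE r [<!ENTITY e "x">]>' + SAMPLE_BENIGN

if __name__ == "__main__":
    for label, xml in (("benign", SAMPLE_BENIGN), ("with DTD", SAMPLE_WITH_DTD)):
        body = "SAMLResponse=" + quote(base64.b64encode(xml).decode(), safe="")
        print(label, "->", saml_dtd_findings(body))
```

A hit is a lead for investigation, not proof of compromise, and the check does not replace the upgrade.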