CVE-2024-21893 - Ivanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) Vulnerability

CVE-2024-21893: Ivanti | Connect Secure, Policy Secure, and Neurons

Date Added:
2024-01-31

Due Date:
2024-02-02

Vulnerability Name: Ivanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) Vulnerability

Description: Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) vulnerability in the SAML component that allows an attacker to access certain restricted resources without authentication.

Known To Be Used in Ransomware Campaigns?: Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes: https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US; https://nvd.nist.gov/vuln/detail/CVE-2024-21893

Related News Articles

Ivanti fixes maximum severity RCE bug in Endpoint Management softwareSeptember 11, 2024

Ivanti warns of critical vTM auth bypass with public exploitAugust 13, 2024

Exploit Attempts Recorded Against New MOVEit Transfer Vulnerability - Patch ASAP!June 26, 2024

Chemical facilities warned of possible data theft in CISA CSAT breachJune 25, 2024

Free security scan for your website

Don't show website scan report rating on the leaderboard