CVE-2024-21893

HighKnown ExploitedRansomware

A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x)…

hackerone·CWE-918·Published 2024-01-31

CVSS

8.2

EPSS

1.00

KEV

Yes

Exploits

Attributed to:UNC5325 UNC5330

cve.orgen

248 chars

A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.

NVDen

248 chars

NVDes

249 chars

Una vulnerabilidad de server-side request forgery en el componente SAML de Ivanti Connect Secure (9.x, 22.x) e Ivanti Policy Secure (9.x, 22.x) e Ivanti Neurons for ZTA permite a un atacante acceder a ciertos recursos restringidos sin autenticación.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.0	Primary	cve.org	8.2	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
3.0	Secondary	NVD	8.2	3.9	4.2	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
3.1	Primary	NVD	8.2	3.9	4.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N