cbcvebase.
CVE-2023-38551
published 2024-05-31

CVE-2023-38551: A CRLF Injection vulnerability in Ivanti Connect Secure (9.x, 22.x) allows an authenticated high-privileged user to inject malicious code on a victim’s…

Priority: P3 (36)
CVSS 3.0: 8.2 (high)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H
EPSS: 1.00% (58.6th percentile)

A CRLF injection vulnerability in Ivanti Connect Secure (9.x, 22.x) allows an authenticated high-privileged user to inject malicious code into a victim’s browser, thereby leading to a cross-site scripting attack.

Affected

3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | connect_secure | >= 22.5R2.2 < 22.5R2.2 | 22.5R2.2 |
| ivanti | connect_secure | >= 22.7R2 < 22.7R2 | 22.7R2 |
| ivanti | connect_secure | >= 9.1R18.6 < 9.1R18.6 | 9.1R18.6 |