Ivanti ICS vulnerabilities
5 known vulnerabilities affecting ivanti/ics.
Total CVEs: 5
CISA KEV: 3 (actively exploited)
Public exploits: 4
Exploited in wild: 3
Severity breakdown: CRITICAL 1, HIGH 4
Vulnerabilities
CVE-2024-22024 | HIGH | CVSS 8.3 | PoC | ≥ 9.1R14.5, < 9.1R14.5; ≥ 9.1R17.3, < 9.1R17.3; +10 more | 2024-02-13
CWE-611: An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.
Sources: cvelistv5, nvd
CVE-2024-21888 | HIGH | CVSS 8.8 | ≥ 9.1R18, ≤ 9.1R18; ≥ 22.6R2, ≤ 22.6R2 | 2024-01-31
CWE-269: A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator.
Sources: cvelistv5, nvd
CVE-2024-21893 | HIGH | CVSS 8.2 | KEV | PoC | ≥ 9.1R18, ≤ 9.1R18; ≥ 22.6R2, ≤ 22.6R2 | 2024-01-31
CWE-918: A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.
Sources: cvelistv5, nvd
CVE-2024-21887 | CRITICAL | CVSS 9.1 | KEV | PoC | ≥ 9.1R18, ≤ 9.1R18; ≥ 22.6R2, ≤ 22.6R2 | 2024-01-12
CWE-77: A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
Sources: cvelistv5, nvd
CVE-2023-46805 | HIGH | CVSS 8.2 | KEV | PoC | ≥ 9.1R18, ≤ 9.1R18; ≥ 22.6R2, ≤ 22.6R2 | 2024-01-12
CWE-287: An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
Sources: cvelistv5, nvd