CVSS: 8.2EPSS: 0%CPEs: 60EXPL: 0CVE-2024-22053
https://notcve.org/view.php?id=CVE-2024-22053
A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack or in certain conditions read contents from memory. Una vulnerabilidad de desbordamiento de montón en el componente IPSec de Ivanti Connect Secure (9.x 22.x) e Ivanti Policy Secure permite que un usuario malintencionado no autenticado envíe solicitudes especialmente manipuladas para bloquear el servicio, provocando así un ataque DoS o en determinadas condiciones. leer contenidos de la memoria. • https://forums.ivanti.com/s/article/New-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US • CWE-703: Improper Check or Handling of Exceptional Conditions CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 60EXPL: 0CVE-2024-22052
https://notcve.org/view.php?id=CVE-2024-22052
A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack Una vulnerabilidad de desreferencia de puntero nulo en el componente IPSec de Ivanti Connect Secure (9.x, 22.x) e Ivanti Policy Secure permite que un usuario malintencionado no autenticado envíe solicitudes especialmente manipuladas para bloquear el servicio, provocando así un ataque DoS. • https://forums.ivanti.com/s/article/New-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US • CWE-476: NULL Pointer Dereference CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 5.3EPSS: 0%CPEs: 60EXPL: 0CVE-2024-22023
https://notcve.org/view.php?id=CVE-2024-22023
An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporarily cause resource exhaustion thereby resulting in a limited-time DoS. Una expansión de entidad XML o vulnerabilidad XEE en el componente SAML de Ivanti Connect Secure (9.x, 22.x) e Ivanti Policy Secure permite que un atacante no autenticado envíe solicitudes XML especialmente manipuladas para causar temporalmente el agotamiento de los recursos, lo que resulta en una DoS por tiempo limitado. • https://forums.ivanti.com/s/article/New-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US • CWE-476: NULL Pointer Dereference CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46808
https://notcve.org/view.php?id=CVE-2023-46808
An file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of non-root user. Una vulnerabilidad de carga de archivos en Ivanti ITSM anterior a 2023.4 permite a un usuario remoto autenticado realizar escrituras de archivos en el servidor. La explotación exitosa puede conducir a la ejecución de comandos en el contexto de un usuario no root. • https://forums.ivanti.com/s/article/SA-CVE-2023-46808-Authenticated-Remote-File-Write-for-Ivanti-Neurons-for-ITSM • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41724
https://notcve.org/view.php?id=CVE-2023-41724
A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network. Una vulnerabilidad de inyección de comandos en Ivanti Sentry anterior a 9.19.0 permite que un actor de amenazas no autenticado ejecute comandos arbitrarios en el sistema operativo subyacente del dispositivo dentro de la misma red física o lógica. • https://forums.ivanti.com/s/article/CVE-2023-41724-Remote-Code-Execution-for-Ivanti-Standalone-Sentry • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •