CVSS: 8.3EPSS: 93%CPEs: 8EXPL: 1CVE-2024-22024
https://notcve.org/view.php?id=CVE-2024-22024
13 Feb 2024 — An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication. Una entidad externa XML o vulnerabilidad XXE en el componente SAML de Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) y puertas de enlace ZTA que permite a un atacante acceder a ciertos recursos restringidos sin autenticación. • https://github.com/0dteam/CVE-2024-22024 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.5EPSS: 94%CPEs: 107EXPL: 3CVE-2024-21893 – Ivanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) Vulnerability
https://notcve.org/view.php?id=CVE-2024-21893
31 Jan 2024 — A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication. Una vulnerabilidad de server-side request forgery en el componente SAML de Ivanti Connect Secure (9.x, 22.x) e Ivanti Policy Secure (9.x, 22.x) e Ivanti Neurons for ZTA permite a un atacante acceder a ciertos recursos restringidos sin autenticación. Ivanti Connec... • https://packetstorm.news/files/id/177229 • CWE-918: Server-Side Request Forgery (SSRF) •