What is CVE-2023-38551?

CVE-2023-38551 is a high-severity vulnerability in Ivanti Connect Secure. CVSS score: 8.2/10. Published 2024-05-31.

How severe is CVE-2023-38551?

High severity. CVSS v3 base score is 8.2 out of 10.

Vulnerability in Ivanti Connect Secure

CVE-2023-38551

A CRLF Injection vulnerability in Ivanti Connect Secure (9.x, 22.x) allows an authenticated high-privileged user to inject malicious code on a victim’s browser, thereby leading to cross-site scripting attack.

EPSS: 0.006 (69.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.2 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H.

Affected products

Ivanti Connect Secure — versions 22.7R2, 22.5R2.2, 9.1R18.6

References

forums.ivanti.com/s/article/Security-Advisory-May-2024

Frequently asked questions

What is CVE-2023-38551?: CVE-2023-38551 is a high-severity vulnerability in Ivanti Connect Secure. CVSS score: 8.2/10. Published 2024-05-31.
How severe is CVE-2023-38551?: High severity. CVSS v3 base score is 8.2 out of 10.