Ivanti Ics
5 CVEs affecting Ivanti Ics. Latest disclosed: 2024-02-13. Critical: 1, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-21887 | Critical | 9.1 | 2024-01-12 | A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administ… |
CVE-2024-21888 | High | 8.8 | 2024-01-31 | A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privil… |
CVE-2024-22024 | High | 8.3 | 2024-02-13 | An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which… |
CVE-2024-21893 | High | 8.2 | 2024-01-31 | A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons… |
CVE-2023-46805 | High | 8.2 | 2024-01-12 | An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted reso… |