ГлавнаяУязвимости → CVE-2024-22024
8.3высокая

CVE-2024-22024

→ есть в БДУ: BDU:2024-01287 (на русском)
Описание (на английском; русское — в БДУ выше)

An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.

Затрагиваемое ПО
Ivanti Connect secureIvanti Policy secureIvanti Zero trust access gateway
CVSS
Балл8.3 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Источники
https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_UShttps://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US