Unrated severityCISA KEVNVD Advisory· Published Jan 12, 2024· Updated Oct 21, 2025

CVE-2023-46805

Description

An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

Affected products

Ivanti/ICSv5
Range: 9.1R18
Ivanti/IPSv5
Range: 9.1R18

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.htmlmitre
forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gatewaysmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.075
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.060