Unrated severityCISA KEVNVD Advisory· Published Jan 12, 2024· Updated Oct 21, 2025
CVE-2024-21887
CVE-2024-21887
Description
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- Range: 9.x, 22.x
- Range: 9.x, 22.x
- Ivanti/ICSv5Range: 9.1R18
- Ivanti/IPSv5Range: 9.1R18
Patches
Vulnerability mechanics
References
2News mentions
3- Operation Escaneo Signals Shift in LatAm Threat LandscapeDark Reading · Jun 18, 2026
- LATAM Infrastructure Hit by Fortinet and Ivanti ExploitsInfosecurity Magazine · Jun 18, 2026
- Inside the customer environment: Where threat actors, vulnerabilities, and exposed assets intersectTenable Blog · May 27, 2026