Unrated severity · NVD Advisory · Published Apr 4, 2024 · Updated Oct 3, 2024
CVE-2024-22023
Description
An XML entity expansion (XEE) vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests that temporarily exhaust resources, resulting in a limited-time DoS.
Affected products
9.x, 22.x (+ 1 more)
- (no CPE) range: 9.x, 22.x
- (no CPE) range: 22.1R6.2

9.x, 22.x (implied same as Connect Secure) (+ 1 more)
- (no CPE) range: 9.x, 22.x (implied same as Connect Secure)
- (no CPE) range: 22.4R1.2