5.3
CVE-2024-22023
- EPSS 0.72%
- Veröffentlicht 04.04.2024 20:15:08
- Zuletzt bearbeitet 21.11.2024 08:55:25
- Quelle support@hackerone.com
- Teams Watchlist Login
- Unerledigt Login
An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporarily cause resource exhaustion thereby resulting in a limited-time DoS.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ivanti ≫ Connect Secure Version9.1 Updater1
Ivanti ≫ Connect Secure Version9.1 Updater10
Ivanti ≫ Connect Secure Version9.1 Updater11
Ivanti ≫ Connect Secure Version9.1 Updater11.5
Ivanti ≫ Connect Secure Version9.1 Updater12
Ivanti ≫ Connect Secure Version9.1 Updater13
Ivanti ≫ Connect Secure Version9.1 Updater14 SwEditionlts
Ivanti ≫ Connect Secure Version9.1 Updater15
Ivanti ≫ Connect Secure Version9.1 Updater16
Ivanti ≫ Connect Secure Version9.1 Updater17
Ivanti ≫ Connect Secure Version9.1 Updater18
Ivanti ≫ Connect Secure Version9.1 Updater2
Ivanti ≫ Connect Secure Version9.1 Updater3
Ivanti ≫ Connect Secure Version9.1 Updater4
Ivanti ≫ Connect Secure Version9.1 Updater4.1
Ivanti ≫ Connect Secure Version9.1 Updater4.2
Ivanti ≫ Connect Secure Version9.1 Updater4.3
Ivanti ≫ Connect Secure Version9.1 Updater5
Ivanti ≫ Connect Secure Version9.1 Updater6
Ivanti ≫ Connect Secure Version9.1 Updater7
Ivanti ≫ Connect Secure Version9.1 Updater8
Ivanti ≫ Connect Secure Version9.1 Updater9
Ivanti ≫ Connect Secure Version22.1
Ivanti ≫ Connect Secure Version22.2
Ivanti ≫ Connect Secure Version22.3
Ivanti ≫ Connect Secure Version22.4
Ivanti ≫ Connect Secure Version22.5
Ivanti ≫ Connect Secure Version22.6
Ivanti ≫ Policy Secure Version9.0 Update-
Ivanti ≫ Policy Secure Version9.0 Updater1
Ivanti ≫ Policy Secure Version9.0 Updater2
Ivanti ≫ Policy Secure Version9.0 Updater2.1
Ivanti ≫ Policy Secure Version9.0 Updater3
Ivanti ≫ Policy Secure Version9.0 Updater3.1
Ivanti ≫ Policy Secure Version9.0 Updater4
Ivanti ≫ Policy Secure Version9.1 Update-
Ivanti ≫ Policy Secure Version9.1 Updater1
Ivanti ≫ Policy Secure Version9.1 Updater10
Ivanti ≫ Policy Secure Version9.1 Updater11
Ivanti ≫ Policy Secure Version9.1 Updater12
Ivanti ≫ Policy Secure Version9.1 Updater13
Ivanti ≫ Policy Secure Version9.1 Updater14
Ivanti ≫ Policy Secure Version9.1 Updater15
Ivanti ≫ Policy Secure Version9.1 Updater16
Ivanti ≫ Policy Secure Version9.1 Updater17
Ivanti ≫ Policy Secure Version9.1 Updater18
Ivanti ≫ Policy Secure Version9.1 Updater2
Ivanti ≫ Policy Secure Version9.1 Updater3
Ivanti ≫ Policy Secure Version9.1 Updater4
Ivanti ≫ Policy Secure Version9.1 Updater5
Ivanti ≫ Policy Secure Version9.1 Updater6
Ivanti ≫ Policy Secure Version9.1 Updater7
Ivanti ≫ Policy Secure Version9.1 Updater8
Ivanti ≫ Policy Secure Version9.1 Updater9
Ivanti ≫ Policy Secure Version22.1
Ivanti ≫ Policy Secure Version22.2
Ivanti ≫ Policy Secure Version22.3
Ivanti ≫ Policy Secure Version22.4
Ivanti ≫ Policy Secure Version22.5
Ivanti ≫ Policy Secure Version22.6
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.72% | 0.717 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
| support@hackerone.com | 5.3 | 3.9 | 1.4 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
CWE-703 Improper Check or Handling of Exceptional Conditions
The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.