This content is viewable by Everyone
High and Other Vulnerabilities in Ivanti Connect Secure and Policy Secure
Ivanti has released security updates to address High and other vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure. An unauthenticated attacker could exploit these vulnerabilities to gain remote code execution and trigger denial of service states on unpatched appliances in low-complexity attacks that don't require user interaction.
For a complete description of the vulnerabilities and affected systems go to: New CVE-2024-21894 (Heap Overflow), CVE-2024-22052 (Null Pointer Dereference), CVE-2024-22053 (Heap Overflow) and CVE-2024-22023 (XML entity expansion or XXE) for Ivanti Connect Secure and Ivanti Policy Secure Gateways.
IT Security