CVE-2024-21893

Severity: HIGH (CVSS 3.1 base score 8.2)
Published: 2024-01-31 by [email protected]

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: Low
Availability: None

Lifecycle Timeline

Analysis Generated: Mar 26, 2026 - 11:20 (vuln.today)
Added to CISA KEV: Oct 30, 2025 - 20:40 (CISA)
CVE Published: Jan 31, 2024 - 18:15 (NVD)

Description

A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.

Analysis

Ivanti Connect Secure and Ivanti Policy Secure contain an SSRF vulnerability in the SAML component that allows unauthenticated access to restricted resources; it was used as an additional exploitation vector during the January 2024 Ivanti crisis.

Technical Context

The SSRF (CWE-918) in the SAML authentication component allows an attacker to make the Ivanti appliance send requests to internal services. This provides an authentication bypass path, alternative to CVE-2023-46805, for reaching the command injection endpoint.

Affected Products

Ivanti Connect Secure 9.x and 22.x
Ivanti Policy Secure 9.x and 22.x
Ivanti Neurons for ZTA

Remediation

Apply all Ivanti security updates. Disable SAML if it is not required. A factory reset is recommended. Check for all known Ivanti exploitation indicators.

Priority Score

195 (scale: Low / Medium / High / Critical)
KEV: +50
EPSS: +94.3
CVSS: +41
POC: 0


CVE-2024-21893 vulnerability details – vuln.today
