Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893)

CVE-2024-21893, a server-side request forgery (SSRF) vulnerability affecting Ivanti Connect Secure VPN gateways and Policy Secure (a network access control solution), is being exploited by attackers. About CVE-2024-21893 CVE-2024-21893 allows a attackers to bypass authentication requirements and access certain restricted resources on vulnerable solutions. It affects the SAML component of: Ivanti Connect Secure (9.x, 22.x) Ivanti Policy Secure (9.x, 22.x) Ivanti Neurons for ZTA (SaaS-delivered zero trust network access solution) Its existence, along with that … More →

The post …

access access control a network attackers authentication bypass connect control cve cve-2024-21893 don't miss exploit exploited flaw forgery gateways hot stuff ivanti ivanti connect secure ivanti connect secure vpn network network access network access control policy request requirements resources restricted saml secure vpn server server-side request forgery shadowserver solution solutions ssrf vpn vulnerability vulnerable