CVE-2024-21893
Description
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.
NVD
Severity: HIGH
CVE ID: CVE-2024-21893
CVSS Score: 8.2
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
HackerOne
Severity: HIGH
CVE ID: CVE-2024-21893
CVSS Score: 8.2
CVSS Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Proof Of Concept
Nuclei Templates for CVE-2024-21893
Reference: Project Discovery GitHub
h4x0r-dz
CVE-2024-21893: SSRF Vulnerability in Ivanti Connect Secure
Reference: GitHub
Chocapikk
CVE-2024-21893 to CVE-2024-21887 Exploit Toolkit
Reference: GitHub
Content on GitHub
gobysec | watchers:678
GobyVuls
Vulnerabilities of Goby supported with exploitation.
Reference: GitHub
gobysec | watchers:1337
Goby
Attack surface mapping
Reference: GitHub