
CVE-2024-21893

Description

A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.

NVD
Severity: HIGH
CVE ID: CVE-2024-21893
CVSS Score: 8.2
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

HackerOne
Severity: HIGH
CVE ID: CVE-2024-21893
CVSS Score: 8.2
CVSS Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Reference: NVD, MITRE

Proof Of Concept

Nuclei Templates for CVE-2024-21893
h4x0r-dz

CVE-2024-21893: SSRF Vulnerability in Ivanti Connect Secure

Reference: GitHub

Chocapikk

CVE-2024-21893 to CVE-2024-21887 Exploit Toolkit

Reference: GitHub

Content on GitHub

gobysec | watchers:678

GobyVuls
Vulnerabilities of Goby supported with exploitation.

Reference: GitHub

gobysec | watchers:1337

Goby
Attack surface mapping

Reference: GitHub