CVE-2024-22024

Description

An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.

NVD
Severity: HIGH
CVE ID: CVE-2024-22024
CVSS Score: 8.3
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

HackerOne
Severity: HIGH
CVE ID: CVE-2024-22024
CVSS Score: 8.3
CVSS Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Refrence: NVD MITRE

Proof Of Concept

Nuclei Templates for CVE-2024-22024

Refrence: Project Discovery GitHub

0dteam

Check for CVE-2024-22024 vulnerability in Ivanti Connect Secure

Refrence: GitHub

Description​

Proof Of Concept​

Description

Proof Of Concept