CVE-2024-22024
Description
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.
NVD
Severity: HIGH
CVE ID: CVE-2024-22024
CVSS Score: 8.3
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
HackerOne
Severity: HIGH
CVE ID: CVE-2024-22024
CVSS Score: 8.3
CVSS Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Proof Of Concept
Nuclei Templates for CVE-2024-22024
Refrence: Project Discovery GitHub
0dteam
Check for CVE-2024-22024 vulnerability in Ivanti Connect Secure
Refrence: GitHub