vulnerability
Pulse Secure Pulse Connect Secure: CVE-2023-46805 (Authentication Bypass) and CVE-2024-21887 (Command Injection) for Ivanti Connect Secure and Ivanti Policy Secure Gateways
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:C/I:P/A:N) | Jan 10, 2024 | May 21, 2024 | Mar 26, 2026 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:C/I:P/A:N)
Published
Jan 10, 2024
Added
May 21, 2024
Modified
Mar 26, 2026
Description
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
Solutions
pulse-secure-pulse-connect-secure-upgrade-22_1r6_1pulse-secure-pulse-connect-secure-upgrade-22_2r4_1pulse-secure-pulse-connect-secure-upgrade-22_3r1_1pulse-secure-pulse-connect-secure-upgrade-22_4r2_3pulse-secure-pulse-connect-secure-upgrade-22_5r2_3pulse-secure-pulse-connect-secure-upgrade-22_6r2_2pulse-secure-pulse-connect-secure-upgrade-9_1r18_4
References
- CVE-2023-46805
- https://attackerkb.com/topics/CVE-2023-46805
- https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-50971
- CWE-287
- EUVD-EUVD-2023-50971
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.