vulnerability
Ivanti Pulse Connect Secure: CVE-2023-46805 (Authentication Bypass) and CVE-2024-21887 (Command Injection) for Ivanti Connect Secure and Ivanti Policy Secure Gateways
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
8 | (AV:N/AC:L/Au:N/C:C/I:P/A:N) | Jan 12, 2024 | May 21, 2024 | Apr 3, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:C/I:P/A:N)
Published
Jan 12, 2024
Added
May 21, 2024
Modified
Apr 3, 2025
Description
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
Solution(s)
pulse-secure-pulse-connect-secure-upgrade-22_1r6_1pulse-secure-pulse-connect-secure-upgrade-22_2r4_1pulse-secure-pulse-connect-secure-upgrade-22_3r1_1pulse-secure-pulse-connect-secure-upgrade-22_4r2_3pulse-secure-pulse-connect-secure-upgrade-22_5r2_3pulse-secure-pulse-connect-secure-upgrade-22_6r2_2pulse-secure-pulse-connect-secure-upgrade-9_1r18_4

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.