vulnerability
Pulse Secure Pulse Connect Secure: CVE-2023-46805 (Authentication Bypass) and CVE-2024-21887 (Command Injection) for Ivanti Connect Secure and Ivanti Policy Secure Gateways
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:C/I:P/A:N) | Jan 10, 2024 | May 21, 2024 | Mar 26, 2026 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:C/I:P/A:N)
Published
Jan 10, 2024
Added
May 21, 2024
Modified
Mar 26, 2026
Description
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
Solutions
pulse-secure-pulse-connect-secure-upgrade-22_1r6_1pulse-secure-pulse-connect-secure-upgrade-22_2r4_1pulse-secure-pulse-connect-secure-upgrade-22_3r1_1pulse-secure-pulse-connect-secure-upgrade-22_4r2_3pulse-secure-pulse-connect-secure-upgrade-22_5r2_3pulse-secure-pulse-connect-secure-upgrade-22_6r2_2pulse-secure-pulse-connect-secure-upgrade-9_1r18_4
References
- CVE-2023-46805
- https://attackerkb.com/topics/CVE-2023-46805
- https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-50971
- CWE-287
- EUVD-EUVD-2023-50971
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.