vulnerability

Ivanti Pulse Connect Secure: CVE-2023-46805 (Authentication Bypass) and CVE-2024-21887 (Command Injection) for Ivanti Connect Secure and Ivanti Policy Secure Gateways

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:C/I:P/A:N)
Published
Jan 12, 2024
Added
May 21, 2024
Modified
Apr 3, 2025

Description

An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

Solution(s)

pulse-secure-pulse-connect-secure-upgrade-22_1r6_1pulse-secure-pulse-connect-secure-upgrade-22_2r4_1pulse-secure-pulse-connect-secure-upgrade-22_3r1_1pulse-secure-pulse-connect-secure-upgrade-22_4r2_3pulse-secure-pulse-connect-secure-upgrade-22_5r2_3pulse-secure-pulse-connect-secure-upgrade-22_6r2_2pulse-secure-pulse-connect-secure-upgrade-9_1r18_4
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.