Ivanti Pulse Connect Secure: SA:CVE-2024-21894 (Heap Overflow), CVE-2024-22052 (Null Pointer Dereference), CVE-2024-22053 (Heap Overflow), CVE-2024-22023 (XML entity expansion or XXE) and CVE-2024-29205 for Ivanti Connect Secure and Ivanti Policy Secure Gateways
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Apr 24, 2024 | May 21, 2024 | Mar 10, 2026 |
Description
An Improper Check for Unusual Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a remote unauthenticated attacker to send specially crafted requests in order to cause service disruptions.
Solutions
- pulse-secure-pulse-connect-secure-upgrade-22_1r6_2
- pulse-secure-pulse-connect-secure-upgrade-22_2r4_2
- pulse-secure-pulse-connect-secure-upgrade-22_3r1_2
- pulse-secure-pulse-connect-secure-upgrade-22_4r2_4
- pulse-secure-pulse-connect-secure-upgrade-22_5r2_4
- pulse-secure-pulse-connect-secure-upgrade-22_6r2_3
- pulse-secure-pulse-connect-secure-upgrade-9_1r18_5
References
- CVE-2024-29205
- https://attackerkb.com/topics/CVE-2024-29205
- https://forums.ivanti.com/s/article/SA-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
- CWE-703