Upstream information

CVE-2024-21893 at MITRE

Description

A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having important severity.

CVSS v3 Scores
  National Vulnerability Database
Base Score 8.2
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Impact High
Integrity Impact Low
Availability Impact None
CVSSv3 Version 3.1
SUSE Bugzilla entry: 1227098 [RESOLVED / WONTFIX]

No SUSE Security Announcements cross referenced.


SUSE Timeline for this CVE

CVE page created: Wed Jan 31 21:00:25 2024
CVE page last modified: Mon Sep 23 17:51:37 2024