Ivanti Security Update Advisory (CVE-2024-22024)

Feb 13 2024

Overview

An update has been made available to fix vulnerabilities in Ivanti products. Users of affected versions are advised to update to the latest version.

Affected Products

Ivanti Connect Secure

9.1R14.4
9.1R17.2
9.1R18.3
22.4R2.2
22.5R1.1

Ivanti Policy Secure

22.5R1.1

Ivanti ZTA

22.6R1.3

Resolved Vulnerabilities

XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure, Ivanti Policy Secure, and ZTA Gateway could allow attackers to access restricted resources without authentication (CVE-2024-22024)

Vulnerability Patches

Vulnerability patches were made available in the February 8, 2024 update. Please follow the instructions on the reference site to update to the latest vulnerability patch version.

Ivanti Connect Secure

9.1R14.5
9.1R17.3
9.1R18.4
22.4R2.3
22.5R1.2
22.5R2.3
22.6R2.2

Ivanti Policy Secure

9.1R17.3
9.1R18.4
22.5R1.2

Ivanti ZTA

22.5R1.6
22.6R1.5
22.6R1.7

Referenced Sites

[1] CVE-2024-22024 (XXE) for Ivanti Connect Secure and Ivanti Policy Secure
https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US
[2] CVE-2024-23113
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23113

Ivanti Security Update Advisory (CVE-2024-22024)

Overview

Affected Products

Resolved Vulnerabilities

Vulnerability Patches

Referenced Sites

Linux Kernel Vulnerability Security Update Advisory (CVE-2023-6200)

Atlassian Confluence Security Update Advisory (CVE-2024-21672)

Overview

Affected Products

Resolved Vulnerabilities

Vulnerability Patches

Referenced Sites

Tags:

Linux Kernel Vulnerability Security Update Advisory (CVE-2023-6200)

Atlassian Confluence Security Update Advisory (CVE-2024-21672)