Description
Ivanti Connect Secure, Policy Secure Gate and Neurons are affected by an XML external entity (XXE) vulnerability. An attacker can send crafted requests to the web application to extract secrets from the file system, perform server-side request forgery, or cause denial of service.
Remediation
Upgrade to the latest version of Ivanti Connect Secure / Policy Secure / Neurons
References
Ivanti Connect Secure CVE-2024-22024 - Are We Now Part Of Ivanti?
CVE-2024-22024 (XXE) for Ivanti Connect Secure and Ivanti Policy Secure