Description
The Ivanti Connect Secure, Policy Secure Gate and Neurons have an XXE vulnerability. This vulnerability allows an attacker to send crafted requests to a web application for extraction of secrets from the file system, server-side request forgery or denial-of-service attacks.
Remediation
Upgrade to the latest version of Ivanti Connect Secure / Policy Secure / Neurons
References
Ivanti Connect Secure CVE-2024-22024 - Are We Now Part Of Ivanti?
CVE-2024-22024 (XXE) for Ivanti Connect Secure and Ivanti Policy Secure
Related Vulnerabilities
WebLogic CVE-2020-2811 Vulnerability (CVE-2020-2811)
PHP Resource Management Errors Vulnerability (CVE-2010-2093)
PHP Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2014-3981)
MySQL CVE-2014-2430 Vulnerability (CVE-2014-2430)
Drupal Improper Input Validation Vulnerability (CVE-2012-5653)