Reflected XSS Vulnerability in Ivanti Connect Secure and Ivanti Policy Secure
CVE-2024-11004
6.1MEDIUM
What is CVE-2024-11004?
A reflected XSS vulnerability exists in Ivanti Connect Secure and Ivanti Policy Secure, where an unauthenticated remote attacker can exploit the flaw to gain administrative control. The attack requires user interaction, thereby posing a significant risk to users who may unknowingly interact with a malicious link crafted by an attacker.
Affected Version(s)
Connect Secure 22.7R2.1
Policy Secure 22.7R1.1