Insufficient Server-Side Controls in Ivanti Connect Secure
CVE-2024-9844

8.8HIGH

Key Information:

Vendor: Ivanti
Status: Connect Secure
Vendor: CVE Published:; 10 December 2024

Summary

A vulnerability in the Secure Application Manager component of Ivanti Connect Secure allows a remote authenticated attacker to bypass essential security restrictions. This issue arises from insufficient server-side controls, which can potentially lead to unauthorized access to sensitive functionalities. Organizations using affected versions should take proactive measures to implement security patches or updates to mitigate these risks and ensure their environments remain secure.

References

https://forums.ivanti.com/s/article/December-2024-Securit...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 10, 2024