Warning: New Security Vulnerability in Ivanti Connect Secure and ZTA Gateways – The Gentleman Report | World | Business | Science | Technology | Health
Today: Jul 27, 2025

Warning: New Security Vulnerability in Ivanti Connect Secure and ZTA Gateways

Warning: New Security Vulnerability in Ivanti Connect Secure and ZTA Gateways
February 9, 2024



Feb 09, 2024NewsroomVulnerability / Zero DayWarning: New Security Vulnerability in Ivanti Connect Secure and ZTA Gateways
Ivanti has notified its customers about a new security flaw in its Connect Secure, Policy Secure, and ZTA gateway devices. The flaw, identified as CVE-2024-22024, has a high severity rating of 8.3 out of 10 on the CVSS scoring system.
According to Ivanti, the flaw is related to an XML external entity or XXE vulnerability in the SAML component of the affected gateways, allowing attackers to access certain restricted resources without authentication. The company discovered this flaw during an internal review as part of its investigation into multiple security weaknesses in the products, including CVE-2023-46805, CVE-2024-21887, CVE-2024-21888, and CVE-2024-21893.
Cybersecurity
CVE-2024-22024 affects specific versions of the products, and patches are available for affected versions of Connect Secure, Policy Secure, and ZTA. Ivanti emphasized that there is currently no evidence of active exploitation of the vulnerability. However, given the history of exploitation of similar flaws, it is crucial for users to promptly apply the available fixes for CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

OpenAI
Author: OpenAI

Don't Miss