claytonvantol.us
SESSION: secure TLS: 1.3 PID: 1337

clayton@site:~/news$ cat cve-2024-21893-ivanti-connect-secure-policy-secure-and-neurons.log

CVE-2024-21893 — Ivanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) Vulnerability

2024-01-31 • CISA Known Exploited Vulnerability

[event] Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) vulnerability in the SAML component that allows an attacker to access certain restricted resources without authentication.

> AFFECTED SOFTWARE

Field Value
Vendor Ivanti
Product Connect Secure, Policy Secure, and Neurons
CWE CWE-918
CVE ID CVE-2024-21893
Date Added 2024-01-31
Due Date 2024-02-02
Ransomware Campaign Known — this vulnerability has been leveraged in ransomware campaigns

> MITIGATION

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Due Date: 2024-02-02

> REFERENCES

← back to terminal

UPTIME: 1337d v2.0.1 privacy LAST LOGIN: 2026-05-30 20:36:10 UTC