CVE-2016-4789 (GCVE-0-2016-4789)
Vulnerability from – Published: 2016-05-26 14:00 – Updated: 2024-11-14 19:49
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:39:26.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1035932",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035932"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40209"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-4789",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-28T18:08:32.865170Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T19:49:26.270Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-05-26T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1035932",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035932"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40209"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4789",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035932",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035932"
},
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40209",
"refsource": "CONFIRM",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40209"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4789",
"datePublished": "2016-05-26T14:00:00",
"dateReserved": "2016-05-12T00:00:00",
"dateUpdated": "2024-11-14T19:49:26.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37400 (GCVE-0-2024-37400)
Vulnerability from – Published: 2024-11-13 01:54 – Updated: 2024-11-13 16:57
VLAI?
Summary
An out of bounds read in Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to trigger an infinite loop, causing a denial of service.
Severity ?
7.5 (High)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ivanti | Connect Secure |
Affected:
22.7R2.3 , < 22.7R2.3
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ivanti:connect_secure:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "connect_secure",
"vendor": "ivanti",
"versions": [
{
"status": "affected",
"version": "22.7R2.3"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37400",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T16:56:03.123820Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T16:57:19.557Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Connect Secure",
"vendor": "Ivanti",
"versions": [
{
"lessThan": "22.7R2.3",
"status": "affected",
"version": "22.7R2.3",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out of bounds read in Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to trigger an infinite loop, causing a denial of service."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T01:54:45.506Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2024-37400",
"datePublished": "2024-11-13T01:54:45.506Z",
"dateReserved": "2024-06-08T01:04:07.093Z",
"dateUpdated": "2024-11-13T16:57:19.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47907 (GCVE-0-2024-47907)
Vulnerability from – Published: 2024-11-12 16:00 – Updated: 2024-11-12 20:02
VLAI?
Summary
A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.
Severity ?
7.5 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ivanti | Connect Secure |
Unaffected:
22.7R2.3
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ivanti:connect_secure:22.7r2.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "connect_secure",
"vendor": "ivanti",
"versions": [
{
"status": "affected",
"version": "22.7r2.3"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47907",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T18:59:28.351141Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T20:02:31.143Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Connect Secure",
"vendor": "Ivanti",
"versions": [
{
"status": "unaffected",
"version": "22.7R2.3",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e"
}
],
"value": "A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T16:00:49.792Z",
"orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"shortName": "ivanti"
},
"references": [
{
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"assignerShortName": "ivanti",
"cveId": "CVE-2024-47907",
"datePublished": "2024-11-12T16:00:49.792Z",
"dateReserved": "2024-10-04T19:25:07.889Z",
"dateUpdated": "2024-11-12T20:02:31.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47905 (GCVE-0-2024-47905)
Vulnerability from – Published: 2024-11-12 15:56 – Updated: 2024-11-12 18:35
VLAI?
Summary
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.
Severity ?
4.9 (Medium)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Ivanti | Connect Secure |
Unaffected:
22.7R2.3
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47905",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T18:35:29.588357Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T18:35:42.210Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Connect Secure",
"vendor": "Ivanti",
"versions": [
{
"status": "unaffected",
"version": "22.7R2.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "Policy Secure",
"vendor": "Ivanti",
"versions": [
{
"status": "unaffected",
"version": "22.7R1.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e"
}
],
"value": "A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T15:56:13.827Z",
"orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"shortName": "ivanti"
},
"references": [
{
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"assignerShortName": "ivanti",
"cveId": "CVE-2024-47905",
"datePublished": "2024-11-12T15:56:13.827Z",
"dateReserved": "2024-10-04T19:25:07.889Z",
"dateUpdated": "2024-11-12T18:35:42.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37404 (GCVE-0-2024-37404)
Vulnerability from – Published: 2024-10-18 23:06 – Updated: 2024-10-21 17:22
VLAI?
Summary
Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote code execution.
Severity ?
9.1 (Critical)
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Ivanti | Connect Secure |
Affected:
22.7R2.1 , < 22.7R2.1
(custom)
Affected: 9.1R18.9 , < 9.1R18.9 (custom) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "connect_secure",
"vendor": "ivanti",
"versions": [
{
"lessThan": "22.7r2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "9.1r18.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "policy_secure",
"vendor": "ivanti",
"versions": [
{
"lessThan": "22.7r1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37404",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T17:17:52.468911Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T17:22:47.072Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Connect Secure",
"vendor": "Ivanti",
"versions": [
{
"lessThan": "22.7R2.1",
"status": "affected",
"version": "22.7R2.1",
"versionType": "custom"
},
{
"lessThan": "9.1R18.9",
"status": "affected",
"version": "9.1R18.9",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Policy Secure",
"vendor": "Ivanti",
"versions": [
{
"lessThan": "22.7R1.1",
"status": "affected",
"version": "22.7R1.1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote code execution."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T23:06:49.502Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-and-Policy-Secure-CVE-2024-37404"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2024-37404",
"datePublished": "2024-10-18T23:06:49.502Z",
"dateReserved": "2024-06-08T01:04:07.093Z",
"dateUpdated": "2024-10-21T17:22:47.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21894 (GCVE-0-2024-21894)
Vulnerability from – Published: 2024-04-04 22:16 – Updated: 2024-10-03 21:43
VLAI?
Summary
A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In certain conditions this may lead to execution of arbitrary code
Severity ?
8.2 (High)
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Ivanti | Connect Secure |
Affected:
22.1R6.2 , < 22.1R6.2
(semver)
Affected: 22.2R4.2 , < 22.2R4.2 (semver) Affected: 22.3R1.2 , < 22.3R1.2 (semver) Affected: 22.4R1.2 , < 22.4R1.2 (semver) Affected: 22.4R2.4 , < 22.4R2.4 (semver) Affected: 22.5R1.3 , < 22.5R1.3 (semver) Affected: 22.5R2.4 , < 22.5R2.4 (semver) Affected: 22.6R2.3 , < 22.6R2.3 (semver) Affected: 9.1R14.6 , < 9.1R14.6 (semver) Affected: 9.1R15.4 , < 9.1R15.4 (semver) Affected: 9.1R16.4 , < 9.1R16.4 (semver) Affected: 9.1R17.4 , < 9.1R17.4 (semver) Affected: 9.1R18.5 , < 9.1R18.5 (semver) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "connect_secure",
"vendor": "ivanti",
"versions": [
{
"status": "affected",
"version": "22.1R6.2"
},
{
"status": "affected",
"version": "22.2R4.2"
},
{
"status": "affected",
"version": "22.3R1.2"
},
{
"status": "affected",
"version": "22.4R1.2"
},
{
"status": "affected",
"version": "22.4R2.4"
},
{
"status": "affected",
"version": "22.5R1.3"
},
{
"status": "affected",
"version": "22.5R2.4"
},
{
"status": "affected",
"version": "22.6R2.3"
},
{
"status": "affected",
"version": "9.1R14.6"
},
{
"status": "affected",
"version": "9.1R15.4"
},
{
"status": "affected",
"version": "9.1R16.4"
},
{
"status": "affected",
"version": "9.1R17.4"
},
{
"status": "affected",
"version": "9.1R18.5"
}
]
},
{
"cpes": [
"cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "policy_secure",
"vendor": "ivanti",
"versions": [
{
"status": "affected",
"version": "22.4R1.2"
},
{
"status": "affected",
"version": "22.6R1.2"
},
{
"status": "affected",
"version": "9.1R16.4"
},
{
"status": "affected",
"version": "9.1R17.4"
},
{
"status": "affected",
"version": "9.1R18.5"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21894",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-05T16:37:42.930659Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T21:43:40.315Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:33.424Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forums.ivanti.com/s/article/SA-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Connect Secure",
"vendor": "Ivanti",
"versions": [
{
"lessThan": "22.1R6.2",
"status": "affected",
"version": "22.1R6.2",
"versionType": "semver"
},
{
"lessThan": "22.2R4.2",
"status": "affected",
"version": "22.2R4.2",
"versionType": "semver"
},
{
"lessThan": "22.3R1.2",
"status": "affected",
"version": "22.3R1.2",
"versionType": "semver"
},
{
"lessThan": "22.4R1.2",
"status": "affected",
"version": "22.4R1.2",
"versionType": "semver"
},
{
"lessThan": "22.4R2.4",
"status": "affected",
"version": "22.4R2.4",
"versionType": "semver"
},
{
"lessThan": "22.5R1.3",
"status": "affected",
"version": "22.5R1.3",
"versionType": "semver"
},
{
"lessThan": "22.5R2.4",
"status": "affected",
"version": "22.5R2.4",
"versionType": "semver"
},
{
"lessThan": "22.6R2.3",
"status": "affected",
"version": "22.6R2.3",
"versionType": "semver"
},
{
"lessThan": "9.1R14.6",
"status": "affected",
"version": "9.1R14.6",
"versionType": "semver"
},
{
"lessThan": "9.1R15.4",
"status": "affected",
"version": "9.1R15.4",
"versionType": "semver"
},
{
"lessThan": "9.1R16.4",
"status": "affected",
"version": "9.1R16.4",
"versionType": "semver"
},
{
"lessThan": "9.1R17.4",
"status": "affected",
"version": "9.1R17.4",
"versionType": "semver"
},
{
"lessThan": "9.1R18.5",
"status": "affected",
"version": "9.1R18.5",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Policy Secure",
"vendor": "Ivanti",
"versions": [
{
"lessThan": "22.4R1.2",
"status": "affected",
"version": "22.4R1.2",
"versionType": "semver"
},
{
"lessThan": "22.6R1.2",
"status": "affected",
"version": "22.6R1.2",
"versionType": "semver"
},
{
"lessThan": "9.1R16.4",
"status": "affected",
"version": "9.1R16.4",
"versionType": "semver"
},
{
"lessThan": "9.1R17.4",
"status": "affected",
"version": "9.1R17.4",
"versionType": "semver"
},
{
"lessThan": "9.1R18.5",
"status": "affected",
"version": "9.1R18.5",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In certain conditions this may lead to execution of arbitrary code "
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-04-04T22:16:29.330Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://forums.ivanti.com/s/article/SA-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2024-21894",
"datePublished": "2024-04-04T22:16:29.330Z",
"dateReserved": "2024-01-03T01:04:06.539Z",
"dateUpdated": "2024-10-03T21:43:40.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22052 (GCVE-0-2024-22052)
Vulnerability from – Published: 2024-04-04 19:45 – Updated: 2024-10-03 21:40
VLAI?
Summary
A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack
Severity ?
7.5 (High)
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Ivanti | Connect Secure |
Affected:
22.1R6.2 , < 22.1R6.2
(semver)
Affected: 22.2R4.2 , < 22.2R4.2 (semver) Affected: 22.3R1.2 , < 22.3R1.2 (semver) Affected: 22.4R1.2 , < 22.4R1.2 (semver) Affected: 22.4R2.4 , < 22.4R2.4 (semver) Affected: 22.5R1.3 , < 22.5R1.3 (semver) Affected: 22.5R2.4 , < 22.5R2.4 (semver) Affected: 22.6R2.3 , < 22.6R2.3 (semver) Affected: 9.1R14.6 , < 9.1R14.6 (semver) Affected: 9.1R15.4 , < 9.1R15.4 (semver) Affected: 9.1R16.4 , < 9.1R16.4 (semver) Affected: 9.1R17.4 , < 9.1R17.4 (semver) Affected: 9.1R18.5 , < 9.1R18.5 (semver) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "connect_secure",
"vendor": "ivanti",
"versions": [
{
"status": "affected",
"version": "9.1R18.5"
},
{
"status": "affected",
"version": "22.6R2.3"
},
{
"status": "affected",
"version": "9.1R17.4"
},
{
"status": "affected",
"version": "22.2R3"
},
{
"status": "affected",
"version": "22.5R2.4"
},
{
"status": "affected",
"version": "9.1R14.6"
},
{
"status": "affected",
"version": "9.1R15.4"
},
{
"status": "affected",
"version": "22.2R4.2"
},
{
"status": "affected",
"version": "22.4R1.2"
},
{
"status": "affected",
"version": "22.6R1.2"
},
{
"status": "affected",
"version": "22.1R6.2"
},
{
"status": "affected",
"version": "22.3R1.2"
},
{
"status": "affected",
"version": "22.4R2.4"
},
{
"status": "affected",
"version": "22.5R1.3"
}
]
},
{
"cpes": [
"cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "policy_secure",
"vendor": "ivanti",
"versions": [
{
"status": "affected",
"version": "22.5R1.3"
},
{
"status": "affected",
"version": "9.1R18.5"
},
{
"status": "affected",
"version": "9.1R17.4"
},
{
"status": "affected",
"version": "22.2R3"
}
]
},
{
"cpes": [
"cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "connect_secure",
"vendor": "ivanti",
"versions": [
{
"status": "affected",
"version": "9.1R18.5"
},
{
"status": "affected",
"version": "22.6R2.3"
},
{
"status": "affected",
"version": "9.1R17.4"
},
{
"status": "affected",
"version": "22.2R3"
},
{
"status": "affected",
"version": "22.5R2.4"
},
{
"status": "affected",
"version": "9.1R14.6"
},
{
"status": "affected",
"version": "9.1R15.4"
},
{
"status": "affected",
"version": "22.2R4.2"
},
{
"status": "affected",
"version": "22.4R1.2"
},
{
"status": "affected",
"version": "22.6R1.2"
},
{
"status": "affected",
"version": "22.1R6.2"
},
{
"status": "affected",
"version": "22.3R1.2"
},
{
"status": "affected",
"version": "22.4R2.4"
},
{
"status": "affected",
"version": "22.5R1.3"
}
]
},
{
"cpes": [
"cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "policy_secure",
"vendor": "ivanti",
"versions": [
{
"status": "affected",
"version": "22.4R1.2"
},
{
"status": "affected",
"version": "22.5R1.3"
},
{
"status": "affected",
"version": "22.6R1.2"
},
{
"status": "affected",
"version": "9.1R16.4"
},
{
"status": "affected",
"version": "9.1R17.4"
},
{
"status": "affected",
"version": "9.1R18.5"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22052",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-05T17:35:12.496886Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T21:40:23.298Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.818Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forums.ivanti.com/s/article/New-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Connect Secure",
"vendor": "Ivanti",
"versions": [
{
"lessThan": "22.1R6.2",
"status": "affected",
"version": "22.1R6.2",
"versionType": "semver"
},
{
"lessThan": "22.2R4.2",
"status": "affected",
"version": "22.2R4.2",
"versionType": "semver"
},
{
"lessThan": "22.3R1.2",
"status": "affected",
"version": "22.3R1.2",
"versionType": "semver"
},
{
"lessThan": "22.4R1.2",
"status": "affected",
"version": "22.4R1.2",
"versionType": "semver"
},
{
"lessThan": "22.4R2.4",
"status": "affected",
"version": "22.4R2.4",
"versionType": "semver"
},
{
"lessThan": "22.5R1.3",
"status": "affected",
"version": "22.5R1.3",
"versionType": "semver"
},
{
"lessThan": "22.5R2.4",
"status": "affected",
"version": "22.5R2.4",
"versionType": "semver"
},
{
"lessThan": "22.6R2.3",
"status": "affected",
"version": "22.6R2.3",
"versionType": "semver"
},
{
"lessThan": "9.1R14.6",
"status": "affected",
"version": "9.1R14.6",
"versionType": "semver"
},
{
"lessThan": "9.1R15.4",
"status": "affected",
"version": "9.1R15.4",
"versionType": "semver"
},
{
"lessThan": "9.1R16.4",
"status": "affected",
"version": "9.1R16.4",
"versionType": "semver"
},
{
"lessThan": "9.1R17.4",
"status": "affected",
"version": "9.1R17.4",
"versionType": "semver"
},
{
"lessThan": "9.1R18.5",
"status": "affected",
"version": "9.1R18.5",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Policy Secure",
"vendor": "Ivanti",
"versions": [
{
"lessThan": "22.4R1.2",
"status": "affected",
"version": "22.4R1.2",
"versionType": "semver"
},
{
"lessThan": "22.5R1.3",
"status": "affected",
"version": "22.5R1.3",
"versionType": "semver"
},
{
"lessThan": "22.6R1.2",
"status": "affected",
"version": "22.6R1.2",
"versionType": "semver"
},
{
"lessThan": "9.1R16.4",
"status": "affected",
"version": "9.1R16.4",
"versionType": "semver"
},
{
"lessThan": "9.1R17.4",
"status": "affected",
"version": "9.1R17.4",
"versionType": "semver"
},
{
"lessThan": "9.1R18.5",
"status": "affected",
"version": "9.1R18.5",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack "
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-04-04T19:45:10.169Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://forums.ivanti.com/s/article/New-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2024-22052",
"datePublished": "2024-04-04T19:45:10.169Z",
"dateReserved": "2024-01-05T01:04:06.641Z",
"dateUpdated": "2024-10-03T21:40:23.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22053 (GCVE-0-2024-22053)
Vulnerability from – Published: 2024-04-04 19:45 – Updated: 2024-10-03 21:40
VLAI?
Summary
A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x
22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack or in certain conditions read contents from memory.
Severity ?
8.2 (High)
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Ivanti | Connect Secure |
Affected:
22.1R6.2 , < 22.1R6.2
(semver)
Affected: 22.2R4.2 , < 22.2R4.2 (semver) Affected: 22.3R1.2 , < 22.3R1.2 (semver) Affected: 22.4R1.2 , < 22.4R1.2 (semver) Affected: 22.4R2.4 , < 22.4R2.4 (semver) Affected: 22.5R1.3 , < 22.5R1.3 (semver) Affected: 22.5R2.4 , < 22.5R2.4 (semver) Affected: 22.6R2.3 , < 22.6R2.3 (semver) Affected: 9.1R14.6 , < 9.1R14.6 (semver) Affected: 9.1R15.4 , < 9.1R15.4 (semver) Affected: 9.1R16.4 , < 9.1R16.4 (semver) Affected: 9.1R17.4 , < 9.1R17.4 (semver) Affected: 9.1R18.5 , < 9.1R18.5 (semver) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "connect_secure",
"vendor": "ivanti",
"versions": [
{
"status": "affected",
"version": "9.1R18.5"
},
{
"status": "affected",
"version": "22.6R2.3"
},
{
"status": "affected",
"version": "9.1R17.4"
},
{
"status": "affected",
"version": "22.2R3"
},
{
"status": "affected",
"version": "22.5R2.4"
},
{
"status": "affected",
"version": "9.1R14.6"
},
{
"status": "affected",
"version": "9.1R15.4"
},
{
"status": "affected",
"version": "22.2R4.2"
},
{
"status": "affected",
"version": "22.4R1.2"
},
{
"status": "affected",
"version": "22.6R1.2"
},
{
"status": "affected",
"version": "22.1R6.2"
},
{
"status": "affected",
"version": "22.3R1.2"
},
{
"status": "affected",
"version": "22.4R2.4"
},
{
"status": "affected",
"version": "22.5R1.3"
}
]
},
{
"cpes": [
"cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "policy_secure",
"vendor": "ivanti",
"versions": [
{
"status": "affected",
"version": "22.5R1.3"
},
{
"status": "affected",
"version": "9.1R18.5"
},
{
"status": "affected",
"version": "9.1R17.4"
},
{
"status": "affected",
"version": "22.2R3"
}
]
},
{
"cpes": [
"cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "connect_secure",
"vendor": "ivanti",
"versions": [
{
"status": "affected",
"version": "9.1R18.5"
},
{
"status": "affected",
"version": "22.6R2.3"
},
{
"status": "affected",
"version": "9.1R17.4"
},
{
"status": "affected",
"version": "22.2R3"
},
{
"status": "affected",
"version": "22.5R2.4"
},
{
"status": "affected",
"version": "9.1R14.6"
},
{
"status": "affected",
"version": "9.1R15.4"
},
{
"status": "affected",
"version": "22.2R4.2"
},
{
"status": "affected",
"version": "22.4R1.2"
},
{
"status": "affected",
"version": "22.6R1.2"
},
{
"status": "affected",
"version": "22.1R6.2"
},
{
"status": "affected",
"version": "22.3R1.2"
},
{
"status": "affected",
"version": "22.4R2.4"
},
{
"status": "affected",
"version": "22.5R1.3"
}
]
},
{
"cpes": [
"cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "policy_secure",
"vendor": "ivanti",
"versions": [
{
"status": "affected",
"version": "22.4R1.2"
},
{
"status": "affected",
"version": "22.5R1.3"
},
{
"status": "affected",
"version": "22.6R1.2"
},
{
"status": "affected",
"version": "9.1R16.4"
},
{
"status": "affected",
"version": "9.1R17.4"
},
{
"status": "affected",
"version": "9.1R18.5"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22053",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-05T15:29:40.880404Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T21:40:00.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forums.ivanti.com/s/article/New-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Connect Secure",
"vendor": "Ivanti",
"versions": [
{
"lessThan": "22.1R6.2",
"status": "affected",
"version": "22.1R6.2",
"versionType": "semver"
},
{
"lessThan": "22.2R4.2",
"status": "affected",
"version": "22.2R4.2",
"versionType": "semver"
},
{
"lessThan": "22.3R1.2",
"status": "affected",
"version": "22.3R1.2",
"versionType": "semver"
},
{
"lessThan": "22.4R1.2",
"status": "affected",
"version": "22.4R1.2",
"versionType": "semver"
},
{
"lessThan": "22.4R2.4",
"status": "affected",
"version": "22.4R2.4",
"versionType": "semver"
},
{
"lessThan": "22.5R1.3",
"status": "affected",
"version": "22.5R1.3",
"versionType": "semver"
},
{
"lessThan": "22.5R2.4",
"status": "affected",
"version": "22.5R2.4",
"versionType": "semver"
},
{
"lessThan": "22.6R2.3",
"status": "affected",
"version": "22.6R2.3",
"versionType": "semver"
},
{
"lessThan": "9.1R14.6",
"status": "affected",
"version": "9.1R14.6",
"versionType": "semver"
},
{
"lessThan": "9.1R15.4",
"status": "affected",
"version": "9.1R15.4",
"versionType": "semver"
},
{
"lessThan": "9.1R16.4",
"status": "affected",
"version": "9.1R16.4",
"versionType": "semver"
},
{
"lessThan": "9.1R17.4",
"status": "affected",
"version": "9.1R17.4",
"versionType": "semver"
},
{
"lessThan": "9.1R18.5",
"status": "affected",
"version": "9.1R18.5",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Policy Secure",
"vendor": "Ivanti",
"versions": [
{
"lessThan": "22.4R1.2",
"status": "affected",
"version": "22.4R1.2",
"versionType": "semver"
},
{
"lessThan": "22.5R1.3",
"status": "affected",
"version": "22.5R1.3",
"versionType": "semver"
},
{
"lessThan": "22.6R1.2",
"status": "affected",
"version": "22.6R1.2",
"versionType": "semver"
},
{
"lessThan": "9.1R16.4",
"status": "affected",
"version": "9.1R16.4",
"versionType": "semver"
},
{
"lessThan": "9.1R17.4",
"status": "affected",
"version": "9.1R17.4",
"versionType": "semver"
},
{
"lessThan": "9.1R18.5",
"status": "affected",
"version": "9.1R18.5",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x\n 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack or in certain conditions read contents from memory. "
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-04-04T19:45:10.175Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://forums.ivanti.com/s/article/New-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2024-22053",
"datePublished": "2024-04-04T19:45:10.175Z",
"dateReserved": "2024-01-05T01:04:06.642Z",
"dateUpdated": "2024-10-03T21:40:00.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22023 (GCVE-0-2024-22023)
Vulnerability from – Published: 2024-04-04 19:45 – Updated: 2024-10-03 21:38
VLAI?
Summary
An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporarily cause resource exhaustion thereby resulting in a limited-time DoS.
Severity ?
5.3 (Medium)
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Ivanti | Connect Secure |
Affected:
22.1R6.2 , < 22.1R6.2
(semver)
Affected: 22.2R4.2 , < 22.2R4.2 (semver) Affected: 22.3R1.2 , < 22.3R1.2 (semver) Affected: 22.4R1.2 , < 22.4R1.2 (semver) Affected: 22.4R2.4 , < 22.4R2.4 (semver) Affected: 22.5R1.3 , < 22.5R1.3 (semver) Affected: 22.5R2.4 , < 22.5R2.4 (semver) Affected: 22.6R2.3 , < 22.6R2.3 (semver) Affected: 9.1R14.6 , < 9.1R14.6 (semver) Affected: 9.1R15.4 , < 9.1R15.4 (semver) Affected: 9.1R16.4 , < 9.1R16.4 (semver) Affected: 9.1R17.4 , < 9.1R17.4 (semver) Affected: 9.1R18.5 , < 9.1R18.5 (semver) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "connect_secure",
"vendor": "ivanti",
"versions": [
{
"status": "affected",
"version": "9.1R18.5"
},
{
"status": "affected",
"version": "22.6R2.3"
},
{
"status": "affected",
"version": "9.1R17.4"
},
{
"status": "affected",
"version": "22.2R3"
},
{
"status": "affected",
"version": "22.5R2.4"
},
{
"status": "affected",
"version": "9.1R14.6"
},
{
"status": "affected",
"version": "9.1R15.4"
},
{
"status": "affected",
"version": "22.2R4.2"
},
{
"status": "affected",
"version": "22.4R1.2"
},
{
"status": "affected",
"version": "22.6R1.2"
},
{
"status": "affected",
"version": "22.1R6.2"
},
{
"status": "affected",
"version": "22.3R1.2"
},
{
"status": "affected",
"version": "22.4R2.4"
},
{
"status": "affected",
"version": "22.5R1.3"
}
]
},
{
"cpes": [
"cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "policy_secure",
"vendor": "ivanti",
"versions": [
{
"status": "affected",
"version": "22.4R1.2"
},
{
"status": "affected",
"version": "22.5R1.3"
},
{
"status": "affected",
"version": "22.6R1.2"
},
{
"status": "affected",
"version": "9.1R16.4"
},
{
"status": "affected",
"version": "9.1R17.4"
},
{
"status": "affected",
"version": "9.1R18.5"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22023",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-05T13:19:01.057408Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T21:38:58.416Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.713Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forums.ivanti.com/s/article/New-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Connect Secure",
"vendor": "Ivanti",
"versions": [
{
"lessThan": "22.1R6.2",
"status": "affected",
"version": "22.1R6.2",
"versionType": "semver"
},
{
"lessThan": "22.2R4.2",
"status": "affected",
"version": "22.2R4.2",
"versionType": "semver"
},
{
"lessThan": "22.3R1.2",
"status": "affected",
"version": "22.3R1.2",
"versionType": "semver"
},
{
"lessThan": "22.4R1.2",
"status": "affected",
"version": "22.4R1.2",
"versionType": "semver"
},
{
"lessThan": "22.4R2.4",
"status": "affected",
"version": "22.4R2.4",
"versionType": "semver"
},
{
"lessThan": "22.5R1.3",
"status": "affected",
"version": "22.5R1.3",
"versionType": "semver"
},
{
"lessThan": "22.5R2.4",
"status": "affected",
"version": "22.5R2.4",
"versionType": "semver"
},
{
"lessThan": "22.6R2.3",
"status": "affected",
"version": "22.6R2.3",
"versionType": "semver"
},
{
"lessThan": "9.1R14.6",
"status": "affected",
"version": "9.1R14.6",
"versionType": "semver"
},
{
"lessThan": "9.1R15.4",
"status": "affected",
"version": "9.1R15.4",
"versionType": "semver"
},
{
"lessThan": "9.1R16.4",
"status": "affected",
"version": "9.1R16.4",
"versionType": "semver"
},
{
"lessThan": "9.1R17.4",
"status": "affected",
"version": "9.1R17.4",
"versionType": "semver"
},
{
"lessThan": "9.1R18.5",
"status": "affected",
"version": "9.1R18.5",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Policy Secure",
"vendor": "Ivanti",
"versions": [
{
"lessThan": "22.4R1.2",
"status": "affected",
"version": "22.4R1.2",
"versionType": "semver"
},
{
"lessThan": "22.5R1.3",
"status": "affected",
"version": "22.5R1.3",
"versionType": "semver"
},
{
"lessThan": "22.6R1.2",
"status": "affected",
"version": "22.6R1.2",
"versionType": "semver"
},
{
"lessThan": "9.1R16.4",
"status": "affected",
"version": "9.1R16.4",
"versionType": "semver"
},
{
"lessThan": "9.1R17.4",
"status": "affected",
"version": "9.1R17.4",
"versionType": "semver"
},
{
"lessThan": "9.1R18.5",
"status": "affected",
"version": "9.1R18.5",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporarily cause resource exhaustion thereby resulting in a limited-time DoS. "
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-04-04T19:45:10.162Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://forums.ivanti.com/s/article/New-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2024-22023",
"datePublished": "2024-04-04T19:45:10.162Z",
"dateReserved": "2024-01-04T01:04:06.574Z",
"dateUpdated": "2024-10-03T21:38:58.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11477 (GCVE-0-2019-11477)
Vulnerability from – Published: 2019-06-18 23:34 – Updated: 2024-09-17 02:21
VLAI?
Title
Integer overflow in TCP_SKB_CB(skb)->tcp_gso_segs
Summary
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.
Severity ?
7.5 (High)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux kernel |
Affected:
4.4 , < 4.4.182
(custom)
Affected: 4.9 , < 4.9.182 (custom) Affected: 4.14 , < 4.14.127 (custom) Affected: 4.19 , < 4.19.52 (custom) Affected: 5.1 , < 5.1.11 (custom) |
Credits
Jonathan Looney from Netflix
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:40.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#905115",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/905115"
},
{
"name": "[oss-security] 20190620 Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/20/3"
},
{
"name": "RHSA-2019:1594",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1594"
},
{
"name": "RHSA-2019:1602",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1602"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
},
{
"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
},
{
"name": "RHSA-2019:1699",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1699"
},
{
"name": "[oss-security] 20191023 Membership application for linux-distros - VMware",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
},
{
"name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/vulnerabilities/tcpsack"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K78234183"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_28"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190625-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Linux kernel",
"vendor": "Linux",
"versions": [
{
"lessThan": "4.4.182",
"status": "affected",
"version": "4.4",
"versionType": "custom"
},
{
"lessThan": "4.9.182",
"status": "affected",
"version": "4.9",
"versionType": "custom"
},
{
"lessThan": "4.14.127",
"status": "affected",
"version": "4.14",
"versionType": "custom"
},
{
"lessThan": "4.19.52",
"status": "affected",
"version": "4.19",
"versionType": "custom"
},
{
"lessThan": "5.1.11",
"status": "affected",
"version": "5.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jonathan Looney from Netflix"
}
],
"datePublic": "2019-06-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Jonathan Looney discovered that the TCP_SKB_CB(skb)-\u003etcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-20T21:14:56",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "VU#905115",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/905115"
},
{
"name": "[oss-security] 20190620 Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/20/3"
},
{
"name": "RHSA-2019:1594",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1594"
},
{
"name": "RHSA-2019:1602",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1602"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
},
{
"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
},
{
"name": "RHSA-2019:1699",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1699"
},
{
"name": "[oss-security] 20191023 Membership application for linux-distros - VMware",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
},
{
"name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/vulnerabilities/tcpsack"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K78234183"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_28"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190625-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt"
}
],
"source": {
"advisory": "https://usn.ubuntu.com/4017-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1831637"
],
"discovery": "UNKNOWN"
},
"title": "Integer overflow in TCP_SKB_CB(skb)-\u003etcp_gso_segs",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "SACK Panic",
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2019-06-17T00:00:00.000Z",
"ID": "CVE-2019-11477",
"STATE": "PUBLIC",
"TITLE": "Integer overflow in TCP_SKB_CB(skb)-\u003etcp_gso_segs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux kernel",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.4",
"version_value": "4.4.182"
},
{
"version_affected": "\u003c",
"version_name": "4.9",
"version_value": "4.9.182"
},
{
"version_affected": "\u003c",
"version_name": "4.14",
"version_value": "4.14.127"
},
{
"version_affected": "\u003c",
"version_name": "4.19",
"version_value": "4.19.52"
},
{
"version_affected": "\u003c",
"version_name": "5.1",
"version_value": "5.1.11"
}
]
}
}
]
},
"vendor_name": "Linux"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jonathan Looney from Netflix"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jonathan Looney discovered that the TCP_SKB_CB(skb)-\u003etcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#905115",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/905115"
},
{
"name": "[oss-security] 20190620 Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/06/20/3"
},
{
"name": "RHSA-2019:1594",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1594"
},
{
"name": "RHSA-2019:1602",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1602"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
},
{
"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
},
{
"name": "RHSA-2019:1699",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1699"
},
{
"name": "[oss-security] 20191023 Membership application for linux-distros - VMware",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
},
{
"name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff"
},
{
"name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md",
"refsource": "MISC",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md"
},
{
"name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic",
"refsource": "MISC",
"url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic"
},
{
"name": "https://access.redhat.com/security/vulnerabilities/tcpsack",
"refsource": "MISC",
"url": "https://access.redhat.com/security/vulnerabilities/tcpsack"
},
{
"name": "https://support.f5.com/csp/article/K78234183",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K78234183"
},
{
"name": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html"
},
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193",
"refsource": "CONFIRM",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193"
},
{
"name": "https://www.synology.com/security/advisory/Synology_SA_19_28",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_19_28"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190625-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190625-0001/"
},
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf"
},
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03"
},
{
"name": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en"
},
{
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt"
}
]
},
"source": {
"advisory": "https://usn.ubuntu.com/4017-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1831637"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2019-11477",
"datePublished": "2019-06-18T23:34:51.026970Z",
"dateReserved": "2019-04-23T00:00:00",
"dateUpdated": "2024-09-17T02:21:15.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
displaying 71 - 80 organizations in total 130