GSD-2024-22023
Vulnerability from gsd - Updated: 2024-01-04 06:02Details
An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporarily cause resource exhaustion thereby resulting in a limited-time DoS.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-22023"
],
"details": "An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporarily cause resource exhaustion thereby resulting in a limited-time DoS. ",
"id": "GSD-2024-22023",
"modified": "2024-01-04T06:02:16.683353Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2024-22023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Connect Secure",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "22.1R6.2",
"version_value": "22.1R6.2"
},
{
"version_affected": "\u003c",
"version_name": "22.2R4.2",
"version_value": "22.2R4.2"
},
{
"version_affected": "\u003c",
"version_name": "22.3R1.2",
"version_value": "22.3R1.2"
},
{
"version_affected": "\u003c",
"version_name": "22.4R1.2",
"version_value": "22.4R1.2"
},
{
"version_affected": "\u003c",
"version_name": "22.4R2.4",
"version_value": "22.4R2.4"
},
{
"version_affected": "\u003c",
"version_name": "22.5R1.3",
"version_value": "22.5R1.3"
},
{
"version_affected": "\u003c",
"version_name": "22.5R2.4",
"version_value": "22.5R2.4"
},
{
"version_affected": "\u003c",
"version_name": "22.6R2.3",
"version_value": "22.6R2.3"
},
{
"version_affected": "\u003c",
"version_name": "9.1R14.6",
"version_value": "9.1R14.6"
},
{
"version_affected": "\u003c",
"version_name": "9.1R15.4",
"version_value": "9.1R15.4"
},
{
"version_affected": "\u003c",
"version_name": "9.1R16.4",
"version_value": "9.1R16.4"
},
{
"version_affected": "\u003c",
"version_name": "9.1R17.4",
"version_value": "9.1R17.4"
},
{
"version_affected": "\u003c",
"version_name": "9.1R18.5",
"version_value": "9.1R18.5"
}
]
}
},
{
"product_name": "Policy Secure",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "22.4R1.2",
"version_value": "22.4R1.2"
},
{
"version_affected": "\u003c",
"version_name": "22.5R1.3",
"version_value": "22.5R1.3"
},
{
"version_affected": "\u003c",
"version_name": "22.6R1.2",
"version_value": "22.6R1.2"
},
{
"version_affected": "\u003c",
"version_name": "9.1R16.4",
"version_value": "9.1R16.4"
},
{
"version_affected": "\u003c",
"version_name": "9.1R17.4",
"version_value": "9.1R17.4"
},
{
"version_affected": "\u003c",
"version_name": "9.1R18.5",
"version_value": "9.1R18.5"
}
]
}
}
]
},
"vendor_name": "Ivanti"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporarily cause resource exhaustion thereby resulting in a limited-time DoS. "
}
]
},
"impact": {
"cvss": [
{
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forums.ivanti.com/s/article/New-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US",
"refsource": "MISC",
"url": "https://forums.ivanti.com/s/article/New-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "4B21C181-DC49-4EBD-9932-DBB337151FF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r10:*:*:*:*:*:*",
"matchCriteriaId": "5A3A93FE-41BF-43F2-9EFC-89656182329F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11:*:*:*:*:*:*",
"matchCriteriaId": "8D5F47BA-DE6D-443D-95C3-A45F80EDC71E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.5:*:*:*:*:*:*",
"matchCriteriaId": "2DDDA231-2A5E-4C70-8620-535C7F9027A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r12:*:*:*:*:*:*",
"matchCriteriaId": "32E0B425-A9BA-4D00-84A9-46268072D696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r13:*:*:*:*:*:*",
"matchCriteriaId": "65435A96-EF7A-439A-AA6C-CB7EAEF0A963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r14:*:*:lts:*:*:*",
"matchCriteriaId": "4F06BC30-D62D-4A8F-8279-69C1A4A77357",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r15:*:*:*:*:*:*",
"matchCriteriaId": "CE228FBD-5AD1-4BC6-AF63-5248E671B04F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r16:*:*:*:*:*:*",
"matchCriteriaId": "44C26423-8621-4F6D-A45B-0A6B6E873AB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r17:*:*:*:*:*:*",
"matchCriteriaId": "DB6CEA16-F422-48F1-9473-3931B1BFA63F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r18:*:*:*:*:*:*",
"matchCriteriaId": "28FDE909-711C-41EC-8BA6-AC4DE05EA27E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "4FEFC4B1-7350-46F9-80C1-42F5AE06142F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "DB7A6D62-6576-4713-9BF4-11068A72E8B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*",
"matchCriteriaId": "843BC1B9-50CC-4F8F-A454-A0CEC6E92290",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*",
"matchCriteriaId": "D5355372-03EA-46D7-9104-A2785C29B664",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*",
"matchCriteriaId": "3DE32A0C-8944-4F51-A286-266055CA4B2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*",
"matchCriteriaId": "0349A0CC-A372-4E51-899E-D7BA67876F4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*",
"matchCriteriaId": "93D1A098-BD77-4A7B-9070-A764FB435981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*",
"matchCriteriaId": "3CCC2D7B-F835-45EC-A316-2F0C5F2CF565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*",
"matchCriteriaId": "AD812596-C77C-4129-982F-C22A25B52126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*",
"matchCriteriaId": "9FA0B20D-3FA1-42AE-BDC5-93D8A182927C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r9:*:*:*:*:*:*",
"matchCriteriaId": "16DAA769-8F0D-4C54-A8D9-9902995605B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9FCEFEAE-2A69-4B54-B59F-207E182587B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03E34306-6D29-44FF-914C-F56A0BDB9BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.3:*:*:*:*:*:*:*",
"matchCriteriaId": "72229EFD-B5F2-4EFA-9B62-8CB30767E9A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D1FDDA64-2FFB-424B-84C3-5D12B023BEE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DF23F7CD-2A2F-4074-9711-7AF001D27693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3DCED84C-D9C4-4863-8323-721C3009046E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.0:-:*:*:*:*:*:*",
"matchCriteriaId": "AFE8DB4A-9891-4647-82E2-EB5D377CAD25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.0:r1:*:*:*:*:*:*",
"matchCriteriaId": "26B25B34-7BD0-471B-A396-45CE5420E963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.0:r2:*:*:*:*:*:*",
"matchCriteriaId": "AA514C05-2834-4C7B-B022-02B41C9AAD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.0:r2.1:*:*:*:*:*:*",
"matchCriteriaId": "0929C645-DACB-4341-9032-7C79FFC8BCF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.0:r3:*:*:*:*:*:*",
"matchCriteriaId": "0D36CB5A-8389-4F2F-882A-4E8F30028799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.0:r3.1:*:*:*:*:*:*",
"matchCriteriaId": "517DA74B-9D69-45E1-A707-A08A305A507C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.0:r4:*:*:*:*:*:*",
"matchCriteriaId": "F72C00C7-017C-4C25-99B0-D7D42D969E92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:-:*:*:*:*:*:*",
"matchCriteriaId": "6418A649-3A63-40CC-BD7C-309B3B0B2595",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "A07B66E0-A679-4912-8CB1-CD134713EDC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r10:*:*:*:*:*:*",
"matchCriteriaId": "BF767F07-2E9F-4099-829D-2F70E85D8A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r11:*:*:*:*:*:*",
"matchCriteriaId": "B994E22B-8FA5-4510-82F6-7820BDA7C307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r12:*:*:*:*:*:*",
"matchCriteriaId": "FE5C4ABC-2BEB-4741-95B3-303903369818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r13:*:*:*:*:*:*",
"matchCriteriaId": "D50C5526-F791-4C76-B5C0-DA2E1281C9E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r14:*:*:*:*:*:*",
"matchCriteriaId": "7A53C031-E7A5-47B6-BA4A-DD28432E743F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r15:*:*:*:*:*:*",
"matchCriteriaId": "4BEE355B-1C2D-4BEB-8922-EAEAA5A1FAE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r16:*:*:*:*:*:*",
"matchCriteriaId": "B90687F3-A5C1-4706-AD66-D78EE512E4C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r17:*:*:*:*:*:*",
"matchCriteriaId": "D10A3F2D-6A62-4A48-93FB-274527C821D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r18:*:*:*:*:*:*",
"matchCriteriaId": "811C7E7E-89AB-47DF-BACD-ED478DF756BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "6D37A6E4-D58E-444D-AF6A-15461F38E81A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "FC2B9DA0-E32B-4125-9986-F0D3814C66E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:*",
"matchCriteriaId": "C9A5BA3E-D6B3-453D-8DDF-FF16859FD0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*",
"matchCriteriaId": "6BE937D2-8BEE-4E64-8738-F550EAD00F50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:*",
"matchCriteriaId": "9C753520-1BC6-4980-AFC9-4C2FDDF2FD18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:*",
"matchCriteriaId": "AC3863BC-3B9A-402B-A74A-149CDF717EC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r8:*:*:*:*:*:*",
"matchCriteriaId": "E3C09D51-FDA0-4D07-87D8-F527C8CBDAFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r9:*:*:*:*:*:*",
"matchCriteriaId": "092DA2A3-5CEF-433F-8E5B-4850E4095CC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.1:*:*:*:*:*:*:*",
"matchCriteriaId": "943AE706-D105-4F10-9CEE-DFED2B398BE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.2:*:*:*:*:*:*:*",
"matchCriteriaId": "97BA5833-4D1C-49FE-AED1-C05739C70D9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EF784115-7006-49AE-96B9-E983936733B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6F070F30-4AFE-4A02-843D-702F08F29630",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4BC6B43E-6BBF-421A-9F9C-41FEBA72712B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EED7C69C-6F3E-442E-BEBE-57E14AA2165F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporarily cause resource exhaustion thereby resulting in a limited-time DoS. "
},
{
"lang": "es",
"value": "Una expansi\u00f3n de entidad XML o vulnerabilidad XEE en el componente SAML de Ivanti Connect Secure (9.x, 22.x) e Ivanti Policy Secure permite que un atacante no autenticado env\u00ede solicitudes XML especialmente manipuladas para causar temporalmente el agotamiento de los recursos, lo que resulta en una DoS por tiempo limitado."
}
],
"id": "CVE-2024-22023",
"lastModified": "2024-04-08T22:51:43.003",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "support@hackerone.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-04T20:15:08.130",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.ivanti.com/s/article/New-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…