An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporarily cause resource exhaustion thereby resulting in a limited-time DoS.
Metrics
Affected Vendors & Products
History
No history.
MITRE
Status: PUBLISHED
Assigner: hackerone
Published: 2024-04-04T19:45:10.162Z
Updated: 2024-08-01T22:35:34.713Z
Reserved: 2024-01-04T01:04:06.574Z
Link: CVE-2024-22023
Vulnrichment
Updated: 2024-08-01T22:35:34.713Z
NVD
Status : Modified
Published: 2024-04-04T20:15:08.130
Modified: 2024-07-03T01:46:59.843
Link: CVE-2024-22023
Redhat
No data.