Secure CI/CD Pipelines with ZTNA

Workshop

Sept 17

Register today

Try Twingate

Request a Demo

Product

Docs

Resources

Partners

Customers

Pricing

Product

Docs

Partners

Resources

Customers

Pricing

Sign in

Request Demo

Try for Free

Secure CI/CD Pipelines with ZTNA

Workshop

Sept 17

Register today

Try Twingate

Request a Demo

Product

Docs

Resources

Partners

Customers

Pricing

Secure CI/CD Pipelines with ZTNA

Workshop

Sept 17

Register

Try Twingate

Request a Demo

Product

Docs

Resources

Partners

Customers

Pricing

Blog

/

CVE-2024-22024 Report - Details, Severity, & Advisorie...

Latest

News

Insights

Tips

Tutorials

Comparisons

Glossary

Other

CVE-2024-22024 Report - Details, Severity, & Advisories

Twingate Team

May 30, 2024

What is CVE-2024-22024?

CVE-2024-22024 is a high-severity vulnerability affecting the SAML component of certain Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateway systems. While specific system versions are impacted, patches are available to mitigate the risk and secure affected systems.

Who is impacted by CVE-2024-22024?

The CVE-2024-22024 vulnerability affects users of Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateway systems. Specifically, the impacted versions are 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2, 22.5R1.1, and 22.5R2.2 for Ivanti Connect Secure; 22.5R1.1 for Ivanti Policy Secure; and 22.6R1.3 for ZTA gateways.

What should I do if I’m affected?

If you're affected by the CVE-2024-22024 vulnerability, it's crucial to take immediate action to protect your systems. Follow these simple steps:

  1. Download the available patch for your affected Ivanti Connect Secure, Ivanti Policy Secure, or ZTA gateway version.

  2. Refer to the Ivanti advisory for detailed instructions on applying the mitigation and patch.

  3. Contact Ivanti support through their Success Portal if you need further assistance.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2024-22024 vulnerability, an XML external entity issue in the SAML component of Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateways, is not listed in CISA's Known Exploited Vulnerabilities Catalog. It was added to the National Vulnerability Database on February 12, 2024. To address this vulnerability, users should apply the available patch and follow the provided mitigation steps.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-611, an improper restriction of XML external entity reference issue in Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateways.

Learn More

CVE-2024-22024 is a high-severity vulnerability affecting Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateways, with a CVSS 3.x base score of 8.3. To learn more about its description, severity, technical details, and affected software configurations, visit the NVD page or refer to the sources below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

Try Twingate for Free

Request Demo

Blog

/

CVE-2024-22024 Report - Details, Severity, & Advisorie...

CVE-2024-22024 Report - Details, Severity, & Advisories

Twingate Team

May 30, 2024

What is CVE-2024-22024?

CVE-2024-22024 is a high-severity vulnerability affecting the SAML component of certain Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateway systems. While specific system versions are impacted, patches are available to mitigate the risk and secure affected systems.

Who is impacted by CVE-2024-22024?

The CVE-2024-22024 vulnerability affects users of Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateway systems. Specifically, the impacted versions are 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2, 22.5R1.1, and 22.5R2.2 for Ivanti Connect Secure; 22.5R1.1 for Ivanti Policy Secure; and 22.6R1.3 for ZTA gateways.

What should I do if I’m affected?

If you're affected by the CVE-2024-22024 vulnerability, it's crucial to take immediate action to protect your systems. Follow these simple steps:

  1. Download the available patch for your affected Ivanti Connect Secure, Ivanti Policy Secure, or ZTA gateway version.

  2. Refer to the Ivanti advisory for detailed instructions on applying the mitigation and patch.

  3. Contact Ivanti support through their Success Portal if you need further assistance.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2024-22024 vulnerability, an XML external entity issue in the SAML component of Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateways, is not listed in CISA's Known Exploited Vulnerabilities Catalog. It was added to the National Vulnerability Database on February 12, 2024. To address this vulnerability, users should apply the available patch and follow the provided mitigation steps.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-611, an improper restriction of XML external entity reference issue in Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateways.

Learn More

CVE-2024-22024 is a high-severity vulnerability affecting Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateways, with a CVSS 3.x base score of 8.3. To learn more about its description, severity, technical details, and affected software configurations, visit the NVD page or refer to the sources below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

Try Twingate for Free

Request Demo

Blog

CVE-2024-22024 Report - Details, Severity, & Advisories

Twingate Team

May 30, 2024

What is CVE-2024-22024?

CVE-2024-22024 is a high-severity vulnerability affecting the SAML component of certain Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateway systems. While specific system versions are impacted, patches are available to mitigate the risk and secure affected systems.

Who is impacted by CVE-2024-22024?

The CVE-2024-22024 vulnerability affects users of Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateway systems. Specifically, the impacted versions are 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2, 22.5R1.1, and 22.5R2.2 for Ivanti Connect Secure; 22.5R1.1 for Ivanti Policy Secure; and 22.6R1.3 for ZTA gateways.

What should I do if I’m affected?

If you're affected by the CVE-2024-22024 vulnerability, it's crucial to take immediate action to protect your systems. Follow these simple steps:

  1. Download the available patch for your affected Ivanti Connect Secure, Ivanti Policy Secure, or ZTA gateway version.

  2. Refer to the Ivanti advisory for detailed instructions on applying the mitigation and patch.

  3. Contact Ivanti support through their Success Portal if you need further assistance.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2024-22024 vulnerability, an XML external entity issue in the SAML component of Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateways, is not listed in CISA's Known Exploited Vulnerabilities Catalog. It was added to the National Vulnerability Database on February 12, 2024. To address this vulnerability, users should apply the available patch and follow the provided mitigation steps.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-611, an improper restriction of XML external entity reference issue in Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateways.

Learn More

CVE-2024-22024 is a high-severity vulnerability affecting Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateways, with a CVSS 3.x base score of 8.3. To learn more about its description, severity, technical details, and affected software configurations, visit the NVD page or refer to the sources below.

Solutions

Zero Trust Access

Documentation

Quick Start

Use Cases

Architecture

API

Twingate Labs

Resources

Blog

Customers

Whitepaper

Changelog

Company

About

Careers

Pricing

Partners

Terms

Privacy

Your Privacy Choices

Support

Contact Sales

Get Help

FAQ

Try for Free

Request Demo

Download

Copyright © 2024 Twingate.

macOS

Windows

Linux

Chrome

iOS

Android

Solutions

Zero Trust Access

Documentation

Quick Start

Use Cases

Architecture

API

Twingate Labs

Resources

Blog

Customers

Whitepaper

Changelog

Company

About

Careers

Pricing

Partners

Terms

Privacy

Your Privacy Choices

Support

Contact Sales

Get Help

FAQ

Try for Free

Request Demo

Download

Copyright © 2024 Twingate.

macOS

Windows

Linux

Chrome

iOS

Android

The VPN replacement your workforce will love.

Try Twingate for Free

Request a Demo

Solutions

Zero Trust Access

Documentation

Quick Start

Use Cases

Architecture

API

Twingate Labs

Resources

Blog

Customers

Whitepaper

Changelog

Company

About

Careers

Pricing

Partners

Terms

Privacy

Your Privacy Choices

Support

Contact Sales

Get Help

FAQ

Try for Free

Request Demo

Download

Copyright © 2024 Twingate.

macOS

Windows

Linux

Chrome

iOS

Android