2x High Alert: Ivanti's CVE-2024-21888 - Privilege Escalation Vulnerability AND CVE-2024-21893 - Server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure
A high-severity vulnerability, CVE-2024-21888, has been identified in Ivanti Connect Secure & Ivanti Policy Secure (versions 9.x, 22.x). This vulnerability permits privilege escalation, allowing a user to gain administrative privileges.
A second high-severity vulnerability, CVE-2024-21893, has been discovered in Ivanti Connect Secure and Ivanti Policy Secure up to versions 9.1R18/22.6R2. It affects the SAML component and can be exploited remotely: an attacker who manipulates unknown input can trigger a server-side request forgery (SSRF) issue. There is no publicly available exploit.
Patches have been released to address these vulnerabilities. Admins are advised to apply them ASAP and to consider a factory reset of affected devices as an extra precaution.
Tags: #CyberSecurity #VulnerabilityAlert #Ivanti #CVE202421888 #CVE202421893 #PrivilegeEscalation #PatchManagement #InfosecCommunity #SystemAdmins
Source: Ivanti's forums, Tenable