← ExploitWatch
HomeExploited Vulnerabilities

CVE-2024-21893 — Actively Exploited: Connect Secure, Policy Secure, and Neurons (Ivanti)

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) vulnerability in the SAML component that allows an attacker to access certain restricted resources without authentication.

CVE IDCVE-2024-21893
VendorIvanti
ProductConnect Secure, Policy Secure, and Neurons
Vulnerability nameIvanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) Vulnerability
Date added2024-01-31
Remediation due2024-02-02
Known ransomware useKnown
Required actionApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
DescriptionIvanti Connect Secure (ICS, formerly known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) vulnerability in the SAML component that allows an attacker to access certain restricted resources without authentication.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →