CVE-2024-22024

HIGH Year: 2024
CVSS v3 Score
8.3
High
Weakness Type
CWE-611
View all →

Vulnerability Description

An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.

Related Vulnerabilities

CVE-2018-1000054

HIGH
CVSS:8.3(High)

Jenkins CCM Plugin 3.1 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenk...

CWE-6112018

CVE-2018-1000055

HIGH
CVSS:8.3(High)

Jenkins Android Lint Plugin 2.5 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from...

CWE-6112018

CVE-2018-1000056

HIGH
CVSS:8.3(High)

Jenkins JUnit Plugin 1.23 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the J...

CWE-6112018

CVE-2020-17376

HIGH
CVSS:8.3(High)

An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously underg...

CWE-6112020

CVE-2024-52806

HIGH
CVSS:8.3(High)

SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability...

CWE-6112024

CVE-2017-1192

HIGH
CVSS:8.2(High)

IBM Sterling B2B Integrator 5.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive i...

CWE-6112017