CVE-2024-21888
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
31/01/2024
Last modified:
03/06/2025
Description
A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:ivanti:connect_secure:9.0:-:*:*:*:*:*:* | ||
| cpe:2.3:a:ivanti:connect_secure:9.0:r1:*:*:*:*:*:* | ||
| cpe:2.3:a:ivanti:connect_secure:9.0:r2:*:*:*:*:*:* | ||
| cpe:2.3:a:ivanti:connect_secure:9.0:r2.1:*:*:*:*:*:* | ||
| cpe:2.3:a:ivanti:connect_secure:9.0:r3:*:*:*:*:*:* | ||
| cpe:2.3:a:ivanti:connect_secure:9.0:r3.1:*:*:*:*:*:* | ||
| cpe:2.3:a:ivanti:connect_secure:9.0:r3.2:*:*:*:*:*:* | ||
| cpe:2.3:a:ivanti:connect_secure:9.0:r3.3:*:*:*:*:*:* | ||
| cpe:2.3:a:ivanti:connect_secure:9.0:r3.5:*:*:*:*:*:* | ||
| cpe:2.3:a:ivanti:connect_secure:9.0:r4:*:*:*:*:*:* | ||
| cpe:2.3:a:ivanti:connect_secure:9.0:r4.1:*:*:*:*:*:* | ||
| cpe:2.3:a:ivanti:connect_secure:9.0:r5.0:*:*:*:*:*:* | ||
| cpe:2.3:a:ivanti:connect_secure:9.0:r6.0:*:*:*:*:*:* | ||
| cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:* | ||
| cpe:2.3:a:ivanti:connect_secure:9.1:r10:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page