Description
An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a remote unauthenticated attacker to send specially crafted requests in-order-to cause service disruptions.
CVSS breakdown
CVSS 3.0
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Affected products
- Ivanti / Connect Secure9.1R18.5 – 9.1R18.5
- Ivanti / Connect Secure22.6R2.3 – 22.6R2.3
- Ivanti / Connect Secure9.1R17.4 – 9.1R17.4
- Ivanti / Connect Secure22.2R3 – 22.2R3
- Ivanti / Connect Secure22.5R2.4 – 22.5R2.4
- Ivanti / Connect Secure9.1R14.6 – 9.1R14.6
- Ivanti / Connect Secure9.1R16.4 – 9.1R16.4
- Ivanti / Connect Secure9.1R15.4 – 9.1R15.4
- Ivanti / Connect Secure22.2R4.2 – 22.2R4.2
- Ivanti / Connect Secure22.4R1.2 – 22.4R1.2
- Ivanti / Connect Secure22.6R1.2 – 22.6R1.2
- Ivanti / Connect Secure22.1R6.2 – 22.1R6.2
- Ivanti / Connect Secure22.3R1.2 – 22.3R1.2
- Ivanti / Connect Secure22.4R2.4 – 22.4R2.4
- Ivanti / Connect Secure22.5R1.3 – 22.5R1.3
- Ivanti / Policy Secure22.5R1.3 – 22.5R1.3
- Ivanti / Policy Secure9.1R18.5 – 9.1R18.5
- Ivanti / Policy Secure9.1R17.4 – 9.1R17.4
- Ivanti / Policy Secure22.2R3 – 22.2R3