PT-2024-16695 · Ivanti · Ivanti Policy Secure+1
Published
2024-11-11
·
Updated
2025-12-29
·
CVE-2024-11004
CVSS v2.0
6.4
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Ivanti Connect Secure versions prior to 22.7R2.1
Ivanti Policy Secure versions prior to 22.7R1.1
Description
The issue is related to a Reflected XSS that allows a remote unauthenticated attacker to obtain admin privileges, with user interaction required. This can lead to elevated privileges and cross-site scripting attacks.
Recommendations
For Ivanti Connect Secure versions prior to 22.7R2.1, update to version 22.7R2.1 or later.
For Ivanti Policy Secure versions prior to 22.7R1.1, update to version 22.7R1.1 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ivanti Connect Secure
Ivanti Policy Secure