An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporarily cause resource exhaustion thereby resulting in a limited-time DoS.
2024-04-04T20:15:08.130
2024-11-21T08:55:25.000
Modified
CVSSv3.1: 5.3 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 9.1 | Yes |
| Application | ivanti | connect_secure | 22.1 | Yes |
| Application | ivanti | connect_secure | 22.2 | Yes |
| Application | ivanti | connect_secure | 22.3 | Yes |
| Application | ivanti | connect_secure | 22.4 | Yes |
| Application | ivanti | connect_secure | 22.5 | Yes |
| Application | ivanti | connect_secure | 22.6 | Yes |
| Application | ivanti | policy_secure | 9.0 | Yes |
| Application | ivanti | policy_secure | 9.0 | Yes |
| Application | ivanti | policy_secure | 9.0 | Yes |
| Application | ivanti | policy_secure | 9.0 | Yes |
| Application | ivanti | policy_secure | 9.0 | Yes |
| Application | ivanti | policy_secure | 9.0 | Yes |
| Application | ivanti | policy_secure | 9.0 | Yes |
| Application | ivanti | policy_secure | 9.1 | Yes |
| Application | ivanti | policy_secure | 9.1 | Yes |
| Application | ivanti | policy_secure | 9.1 | Yes |
| Application | ivanti | policy_secure | 9.1 | Yes |
| Application | ivanti | policy_secure | 9.1 | Yes |
| Application | ivanti | policy_secure | 9.1 | Yes |
| Application | ivanti | policy_secure | 9.1 | Yes |
| Application | ivanti | policy_secure | 9.1 | Yes |
| Application | ivanti | policy_secure | 9.1 | Yes |
| Application | ivanti | policy_secure | 9.1 | Yes |
| Application | ivanti | policy_secure | 9.1 | Yes |
| Application | ivanti | policy_secure | 9.1 | Yes |
| Application | ivanti | policy_secure | 9.1 | Yes |
| Application | ivanti | policy_secure | 9.1 | Yes |
| Application | ivanti | policy_secure | 9.1 | Yes |
| Application | ivanti | policy_secure | 9.1 | Yes |
| Application | ivanti | policy_secure | 9.1 | Yes |
| Application | ivanti | policy_secure | 9.1 | Yes |
| Application | ivanti | policy_secure | 9.1 | Yes |
| Application | ivanti | policy_secure | 22.1 | Yes |
| Application | ivanti | policy_secure | 22.2 | Yes |
| Application | ivanti | policy_secure | 22.3 | Yes |
| Application | ivanti | policy_secure | 22.4 | Yes |
| Application | ivanti | policy_secure | 22.5 | Yes |
| Application | ivanti | policy_secure | 22.6 | Yes |