CVE-2024-9844
CVSS 3.1 Score 7.1 of 10 (high)
Details
Published Dec 10, 2024
CWE ID 602
Summary
CVE-2024-9844 is a newly disclosed vulnerability affecting the Secure Application Manager component of Ivanti Connect Secure, prior to version 22.7R2.4. This issue stems from insufficient server-side controls, enabling a remote, authenticated attacker to circumvent existing restrictions, potentially leading to unauthorized access or data compromise. Ivanti urges users to upgrade to the latest version to mitigate this risk. This vulnerability could allow unintended actions or data exposure, affecting the security of the impacted system.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share