A command injection vulnerability in web components of...
Critical severity
Unreviewed
Published
Jan 12, 2024
to the GitHub Advisory Database
•
Updated Jan 22, 2024
Description
Published by the National Vulnerability Database
Jan 12, 2024
Published to the GitHub Advisory Database
Jan 12, 2024
Last updated
Jan 22, 2024
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
References