Description
The Ivanti Connect Secure and Ivanti Policy Secure have an authentication bypass vulnerability. An attacker can bypass the authentication with a specially crafted HTTP request and get administrative access to the system.
Remediation
Upgrade to the latest version of Ivanti Connect Secure / Policy Secure
References
Related Vulnerabilities
YOURLS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3824)
Liferay Portal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-26271)
WordPress Plugin NEX-Forms-The Ultimate WordPress Form Builder Security Bypass (7.8.7)
Envoy Proxy Use After Free Vulnerability (CVE-2022-29227)
Oracle HTTP Server CVE-2013-6438 Vulnerability (CVE-2013-6438)