Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Members of public are advised to stay vigilant and not follow any instructions given by these scammers. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Authentication Bypass Vulnerability in Ivanti Products
Alerts

Authentication Bypass Vulnerability in Ivanti Products

9 February 2024

Ivanti has released security updates to address a vulnerability (CVE-2024-22024) affecting Connect Secure, Policy Secure, and ZTA gateways.

Successful exploitation of this authentication bypass vulnerability could allow a remote attacker to gain access to restricted resources.

The vulnerability affects the following versions:

  • Ivanti Connect Secure (version 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2 and 22.5R1.1)

  • Ivanti Policy Secure version 22.5R1.1

  • ZTA version 22.6R1.3

Users and administrators of affected product versions are advised to update to the latest version immediately.

More information is available here:

https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure