CVE-2024-21887

GPTKB entity

Statements (19)
Predicate Object
gptkbp:instanceOf CVE Identifier
gptkbp:affects gptkb:Ivanti_Connect_Secure
gptkb:Ivanti_Policy_Secure
gptkbp:describes Command injection vulnerability in web components of Ivanti Connect Secure and Policy Secure allows an authenticated administrator to execute arbitrary commands.
gptkbp:hasAuthenticationRequirement Authenticated administrator
gptkbp:hasCVSSScore 8.2
gptkbp:hasCWE gptkb:CWE-77
gptkbp:hasExploitAvailable Yes
gptkbp:hasPatchAvailable Yes
gptkbp:hasSeverity High
https://www.w3.org/2000/01/rdf-schema#label CVE-2024-21887
gptkbp:isExploitedInTheWild Yes
gptkbp:publicDisclosure 2024-01-10
gptkbp:referencedIn https://nvd.nist.gov/vuln/detail/CVE-2024-21887
https://www.ivanti.com/blog/ivanti-connect-secure-policy-secure-gateway-vulnerabilities
https://www.cisa.gov/news-events/alerts/2024/01/10/ivanti-connect-secure-and-policy-secure-gateway-vulnerabilities
gptkbp:vulnerableTo Command Injection
gptkbp:bfsParent gptkb:Pulse_Connect_Secure
gptkbp:bfsLayer 7