A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x), and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Connect_secure | Ivanti | 9.0 (including) | 9.0 (including) |
Connect_secure | Ivanti | 9.0-r1 (including) | 9.0-r1 (including) |
Connect_secure | Ivanti | 9.0-r2 (including) | 9.0-r2 (including) |
Connect_secure | Ivanti | 9.0-r2.1 (including) | 9.0-r2.1 (including) |
Connect_secure | Ivanti | 9.0-r3 (including) | 9.0-r3 (including) |
Connect_secure | Ivanti | 9.0-r3.1 (including) | 9.0-r3.1 (including) |
Connect_secure | Ivanti | 9.0-r3.2 (including) | 9.0-r3.2 (including) |
Connect_secure | Ivanti | 9.0-r3.3 (including) | 9.0-r3.3 (including) |
Connect_secure | Ivanti | 9.0-r3.5 (including) | 9.0-r3.5 (including) |
Connect_secure | Ivanti | 9.0-r4 (including) | 9.0-r4 (including) |
Connect_secure | Ivanti | 9.0-r4.1 (including) | 9.0-r4.1 (including) |
Connect_secure | Ivanti | 9.0-r5.0 (including) | 9.0-r5.0 (including) |
Connect_secure | Ivanti | 9.0-r6.0 (including) | 9.0-r6.0 (including) |
Connect_secure | Ivanti | 9.1-r1 (including) | 9.1-r1 (including) |
Connect_secure | Ivanti | 9.1-r10 (including) | 9.1-r10 (including) |
Connect_secure | Ivanti | 9.1-r11 (including) | 9.1-r11 (including) |
Connect_secure | Ivanti | 9.1-r11.3 (including) | 9.1-r11.3 (including) |
Connect_secure | Ivanti | 9.1-r11.4 (including) | 9.1-r11.4 (including) |
Connect_secure | Ivanti | 9.1-r11.5 (including) | 9.1-r11.5 (including) |
Connect_secure | Ivanti | 9.1-r12 (including) | 9.1-r12 (including) |
Connect_secure | Ivanti | 9.1-r12.1 (including) | 9.1-r12.1 (including) |
Connect_secure | Ivanti | 9.1-r13 (including) | 9.1-r13 (including) |
Connect_secure | Ivanti | 9.1-r13.1 (including) | 9.1-r13.1 (including) |
Connect_secure | Ivanti | 9.1-r14 (including) | 9.1-r14 (including) |
Connect_secure | Ivanti | 9.1-r15 (including) | 9.1-r15 (including) |
Connect_secure | Ivanti | 9.1-r15.2 (including) | 9.1-r15.2 (including) |
Connect_secure | Ivanti | 9.1-r16 (including) | 9.1-r16 (including) |
Connect_secure | Ivanti | 9.1-r16.1 (including) | 9.1-r16.1 (including) |
Connect_secure | Ivanti | 9.1-r17 (including) | 9.1-r17 (including) |
Connect_secure | Ivanti | 9.1-r17.1 (including) | 9.1-r17.1 (including) |
Connect_secure | Ivanti | 9.1-r18 (including) | 9.1-r18 (including) |
Connect_secure | Ivanti | 9.1-r18.1 (including) | 9.1-r18.1 (including) |
Connect_secure | Ivanti | 9.1-r18.2 (including) | 9.1-r18.2 (including) |
Connect_secure | Ivanti | 9.1-r2 (including) | 9.1-r2 (including) |
Connect_secure | Ivanti | 9.1-r3 (including) | 9.1-r3 (including) |
Connect_secure | Ivanti | 9.1-r4 (including) | 9.1-r4 (including) |
Connect_secure | Ivanti | 9.1-r4.1 (including) | 9.1-r4.1 (including) |
Connect_secure | Ivanti | 9.1-r4.2 (including) | 9.1-r4.2 (including) |
Connect_secure | Ivanti | 9.1-r4.3 (including) | 9.1-r4.3 (including) |
Connect_secure | Ivanti | 9.1-r5 (including) | 9.1-r5 (including) |
Connect_secure | Ivanti | 9.1-r6 (including) | 9.1-r6 (including) |
Connect_secure | Ivanti | 9.1-r7 (including) | 9.1-r7 (including) |
Connect_secure | Ivanti | 9.1-r8 (including) | 9.1-r8 (including) |
Connect_secure | Ivanti | 9.1-r8.1 (including) | 9.1-r8.1 (including) |
Connect_secure | Ivanti | 9.1-r8.2 (including) | 9.1-r8.2 (including) |
Connect_secure | Ivanti | 9.1-r9 (including) | 9.1-r9 (including) |
Connect_secure | Ivanti | 9.1-r9.1 (including) | 9.1-r9.1 (including) |
Connect_secure | Ivanti | 21.9-r1 (including) | 21.9-r1 (including) |
Connect_secure | Ivanti | 21.12-r1 (including) | 21.12-r1 (including) |
Connect_secure | Ivanti | 22.1-r1 (including) | 22.1-r1 (including) |
Connect_secure | Ivanti | 22.1-r6 (including) | 22.1-r6 (including) |
Connect_secure | Ivanti | 22.2 (including) | 22.2 (including) |
Connect_secure | Ivanti | 22.2-r1 (including) | 22.2-r1 (including) |
Connect_secure | Ivanti | 22.3-r1 (including) | 22.3-r1 (including) |
Connect_secure | Ivanti | 22.4-r1 (including) | 22.4-r1 (including) |
Connect_secure | Ivanti | 22.4-r2.1 (including) | 22.4-r2.1 (including) |
Connect_secure | Ivanti | 22.6 (including) | 22.6 (including) |
Connect_secure | Ivanti | 22.6-r1 (including) | 22.6-r1 (including) |
Connect_secure | Ivanti | 22.6-r2 (including) | 22.6-r2 (including) |
Connect_secure | Ivanti | 22.6-r2.1 (including) | 22.6-r2.1 (including) |
Policy_secure | Ivanti | 9.0 (including) | 9.0 (including) |
Policy_secure | Ivanti | 9.0-r1 (including) | 9.0-r1 (including) |
Policy_secure | Ivanti | 9.0-r2 (including) | 9.0-r2 (including) |
Policy_secure | Ivanti | 9.0-r2.1 (including) | 9.0-r2.1 (including) |
Policy_secure | Ivanti | 9.0-r3 (including) | 9.0-r3 (including) |
Policy_secure | Ivanti | 9.0-r3.1 (including) | 9.0-r3.1 (including) |
Policy_secure | Ivanti | 9.0-r4 (including) | 9.0-r4 (including) |
Policy_secure | Ivanti | 9.1 (including) | 9.1 (including) |
Policy_secure | Ivanti | 9.1-r1 (including) | 9.1-r1 (including) |
Policy_secure | Ivanti | 9.1-r10 (including) | 9.1-r10 (including) |
Policy_secure | Ivanti | 9.1-r11 (including) | 9.1-r11 (including) |
Policy_secure | Ivanti | 9.1-r12 (including) | 9.1-r12 (including) |
Policy_secure | Ivanti | 9.1-r13 (including) | 9.1-r13 (including) |
Policy_secure | Ivanti | 9.1-r13.1 (including) | 9.1-r13.1 (including) |
Policy_secure | Ivanti | 9.1-r14 (including) | 9.1-r14 (including) |
Policy_secure | Ivanti | 9.1-r15 (including) | 9.1-r15 (including) |
Policy_secure | Ivanti | 9.1-r16 (including) | 9.1-r16 (including) |
Policy_secure | Ivanti | 9.1-r17 (including) | 9.1-r17 (including) |
Policy_secure | Ivanti | 9.1-r18 (including) | 9.1-r18 (including) |
Policy_secure | Ivanti | 9.1-r18.1 (including) | 9.1-r18.1 (including) |
Policy_secure | Ivanti | 9.1-r18.2 (including) | 9.1-r18.2 (including) |
Policy_secure | Ivanti | 9.1-r2 (including) | 9.1-r2 (including) |
Policy_secure | Ivanti | 9.1-r3 (including) | 9.1-r3 (including) |
Policy_secure | Ivanti | 9.1-r3.1 (including) | 9.1-r3.1 (including) |
Policy_secure | Ivanti | 9.1-r4 (including) | 9.1-r4 (including) |
Policy_secure | Ivanti | 9.1-r4.1 (including) | 9.1-r4.1 (including) |
Policy_secure | Ivanti | 9.1-r4.2 (including) | 9.1-r4.2 (including) |
Policy_secure | Ivanti | 9.1-r4.3 (including) | 9.1-r4.3 (including) |
Policy_secure | Ivanti | 9.1-r5 (including) | 9.1-r5 (including) |
Policy_secure | Ivanti | 9.1-r6 (including) | 9.1-r6 (including) |
Policy_secure | Ivanti | 9.1-r7 (including) | 9.1-r7 (including) |
Policy_secure | Ivanti | 9.1-r8 (including) | 9.1-r8 (including) |
Policy_secure | Ivanti | 9.1-r8.1 (including) | 9.1-r8.1 (including) |
Policy_secure | Ivanti | 9.1-r8.2 (including) | 9.1-r8.2 (including) |
Policy_secure | Ivanti | 9.1-r9 (including) | 9.1-r9 (including) |
Policy_secure | Ivanti | 22.1-r1 (including) | 22.1-r1 (including) |
Policy_secure | Ivanti | 22.1-r6 (including) | 22.1-r6 (including) |
Policy_secure | Ivanti | 22.2-r1 (including) | 22.2-r1 (including) |
Policy_secure | Ivanti | 22.2-r3 (including) | 22.2-r3 (including) |
Policy_secure | Ivanti | 22.3-r1 (including) | 22.3-r1 (including) |
Policy_secure | Ivanti | 22.3-r3 (including) | 22.3-r3 (including) |
Policy_secure | Ivanti | 22.4-r1 (including) | 22.4-r1 (including) |
Policy_secure | Ivanti | 22.4-r2 (including) | 22.4-r2 (including) |
Policy_secure | Ivanti | 22.4-r2.1 (including) | 22.4-r2.1 (including) |
Policy_secure | Ivanti | 22.5-r1 (including) | 22.5-r1 (including) |
Policy_secure | Ivanti | 22.6-r1 (including) | 22.6-r1 (including) |