An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporarily cause resource exhaustion thereby resulting in a limited-time DoS.
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Connect_secure | Ivanti | 9.1-r1 (including) | 9.1-r1 (including) |
| Connect_secure | Ivanti | 9.1-r10 (including) | 9.1-r10 (including) |
| Connect_secure | Ivanti | 9.1-r11 (including) | 9.1-r11 (including) |
| Connect_secure | Ivanti | 9.1-r11.5 (including) | 9.1-r11.5 (including) |
| Connect_secure | Ivanti | 9.1-r12 (including) | 9.1-r12 (including) |
| Connect_secure | Ivanti | 9.1-r13 (including) | 9.1-r13 (including) |
| Connect_secure | Ivanti | 9.1-r14 (including) | 9.1-r14 (including) |
| Connect_secure | Ivanti | 9.1-r15 (including) | 9.1-r15 (including) |
| Connect_secure | Ivanti | 9.1-r16 (including) | 9.1-r16 (including) |
| Connect_secure | Ivanti | 9.1-r17 (including) | 9.1-r17 (including) |
| Connect_secure | Ivanti | 9.1-r18 (including) | 9.1-r18 (including) |
| Connect_secure | Ivanti | 9.1-r2 (including) | 9.1-r2 (including) |
| Connect_secure | Ivanti | 9.1-r3 (including) | 9.1-r3 (including) |
| Connect_secure | Ivanti | 9.1-r4 (including) | 9.1-r4 (including) |
| Connect_secure | Ivanti | 9.1-r4.1 (including) | 9.1-r4.1 (including) |
| Connect_secure | Ivanti | 9.1-r4.2 (including) | 9.1-r4.2 (including) |
| Connect_secure | Ivanti | 9.1-r4.3 (including) | 9.1-r4.3 (including) |
| Connect_secure | Ivanti | 9.1-r5 (including) | 9.1-r5 (including) |
| Connect_secure | Ivanti | 9.1-r6 (including) | 9.1-r6 (including) |
| Connect_secure | Ivanti | 9.1-r7 (including) | 9.1-r7 (including) |
| Connect_secure | Ivanti | 9.1-r8 (including) | 9.1-r8 (including) |
| Connect_secure | Ivanti | 9.1-r9 (including) | 9.1-r9 (including) |
| Connect_secure | Ivanti | 22.1 (including) | 22.1 (including) |
| Connect_secure | Ivanti | 22.2 (including) | 22.2 (including) |
| Connect_secure | Ivanti | 22.3 (including) | 22.3 (including) |
| Connect_secure | Ivanti | 22.4 (including) | 22.4 (including) |
| Connect_secure | Ivanti | 22.5 (including) | 22.5 (including) |
| Connect_secure | Ivanti | 22.6 (including) | 22.6 (including) |
| Policy_secure | Ivanti | 9.0 (including) | 9.0 (including) |
| Policy_secure | Ivanti | 9.0-r1 (including) | 9.0-r1 (including) |
| Policy_secure | Ivanti | 9.0-r2 (including) | 9.0-r2 (including) |
| Policy_secure | Ivanti | 9.0-r2.1 (including) | 9.0-r2.1 (including) |
| Policy_secure | Ivanti | 9.0-r3 (including) | 9.0-r3 (including) |
| Policy_secure | Ivanti | 9.0-r3.1 (including) | 9.0-r3.1 (including) |
| Policy_secure | Ivanti | 9.0-r4 (including) | 9.0-r4 (including) |
| Policy_secure | Ivanti | 9.1 (including) | 9.1 (including) |
| Policy_secure | Ivanti | 9.1-r1 (including) | 9.1-r1 (including) |
| Policy_secure | Ivanti | 9.1-r10 (including) | 9.1-r10 (including) |
| Policy_secure | Ivanti | 9.1-r11 (including) | 9.1-r11 (including) |
| Policy_secure | Ivanti | 9.1-r12 (including) | 9.1-r12 (including) |
| Policy_secure | Ivanti | 9.1-r13 (including) | 9.1-r13 (including) |
| Policy_secure | Ivanti | 9.1-r14 (including) | 9.1-r14 (including) |
| Policy_secure | Ivanti | 9.1-r15 (including) | 9.1-r15 (including) |
| Policy_secure | Ivanti | 9.1-r16 (including) | 9.1-r16 (including) |
| Policy_secure | Ivanti | 9.1-r17 (including) | 9.1-r17 (including) |
| Policy_secure | Ivanti | 9.1-r18 (including) | 9.1-r18 (including) |
| Policy_secure | Ivanti | 9.1-r2 (including) | 9.1-r2 (including) |
| Policy_secure | Ivanti | 9.1-r3 (including) | 9.1-r3 (including) |
| Policy_secure | Ivanti | 9.1-r4 (including) | 9.1-r4 (including) |
| Policy_secure | Ivanti | 9.1-r5 (including) | 9.1-r5 (including) |
| Policy_secure | Ivanti | 9.1-r6 (including) | 9.1-r6 (including) |
| Policy_secure | Ivanti | 9.1-r7 (including) | 9.1-r7 (including) |
| Policy_secure | Ivanti | 9.1-r8 (including) | 9.1-r8 (including) |
| Policy_secure | Ivanti | 9.1-r9 (including) | 9.1-r9 (including) |
| Policy_secure | Ivanti | 22.1 (including) | 22.1 (including) |
| Policy_secure | Ivanti | 22.2 (including) | 22.2 (including) |
| Policy_secure | Ivanti | 22.3 (including) | 22.3 (including) |
| Policy_secure | Ivanti | 22.4 (including) | 22.4 (including) |
| Policy_secure | Ivanti | 22.5 (including) | 22.5 (including) |
| Policy_secure | Ivanti | 22.6 (including) | 22.6 (including) |