CVE Radar


CVE-2024-22024

Critical Severity | Ivanti
SVRS: 81
CVSSv3: 8.3
EPSS: 0.94249
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.
Tags: In The Wild
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Publication date: 2024-02-13
Last modified: 2025-05-09
SOCRadar AI Insight

Description:

CVE-2024-22024 is a vulnerability with a CVSS score of 0, indicating a low severity level. The detailed description of the vulnerability is not yet available. However, the SOCRadar Vulnerability Risk Score (SVRS) of 30 suggests that the vulnerability poses a moderate risk and requires attention.

Key Insights:

  1. Threat Actors/APT Groups: There is no information available regarding specific threat actors or APT groups actively exploiting this vulnerability.

  2. Exploit Status: The exploit status is currently unknown. It is essential to monitor security advisories and updates to determine if active exploits have been published.

  3. CISA Warnings: The Cybersecurity and Infrastructure Security Agency (CISA) has not issued any warnings or advisories regarding CVE-2024-22024.

  4. In the Wild: There is no information available to confirm whether the vulnerability is actively exploited in the wild.

Mitigation Strategies:

  1. Apply Software Updates: Organizations should prioritize applying software updates and patches as soon as they become available. This is a crucial step in mitigating vulnerabilities and reducing the risk of exploitation.

  2. Implement Network Segmentation: Implementing network segmentation can help contain the impact of a potential breach by limiting the attacker's lateral movement within the network.

  3. Enable Intrusion Detection and Prevention Systems (IDPS): Deploying IDPS can help detect and prevent unauthorized access attempts and malicious activities on the network.

  4. Conduct Regular Security Audits: Regularly conducting security audits can help identify vulnerabilities and misconfigurations that could be exploited by attackers.

Additional Information:

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.



No exploits found for this CVE

ISC StormCast for Friday, February 9th, 2024
Dr. Johannes B. Ullrich, 2024-02-09
Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Podcast Anniversary; Keylogger MP3 Player; Fake LastPass; Ivanti Vuln; @sans_edu @SANSInstitute
A Python MP3 Player With Builtin Keylogger Capability: https://isc.sans.edu/diary/A%20Python%20MP3%20Player%20with%20Builtin%20Keylogger%20Capability/30632
Fake LastPass App in Apple App Store: https://blog.lastpass.com/2024/02/warning-fraudulent-app-impersonating-lastpass-currently-available-in-apple-app-store/
Ivanti XXE Vulnerability: https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure
FortiOS sslvpnd vulnerability
Source: sans.edu (rss, forum, news)

Scanning Activity for CVE-2024-22024 (XXE) Vulnerability in Ivanti
Sam Tinklenberg & Noam Atias, 2024-02-14
Source: feedburner.com (rss, forum, news)

Weekly Intelligence Report – 20 February 2026 - cyfirma
2026-02-20
News Content: Published On: 2026-02-20. Ransomware of the week: CYFIRMA Research and Advisory Team would like to highlight ransomware trends and insights gathered while monitoring various forums. This includes multiple – industries, geography, and technology – that could be relevant to your organization. Type: Ransomware. Target Technologies: Windows. Introduction: CYFIRMA Research and Advisory Team has found Ndm448 Ransomware while monitoring various underground forums as part of our Threat Discovery Process. Ndm448 Ransomware: Researchers identified that Ndm448 is a ransomware strain belonging to the Makop ransomware family. Once executed on a
Source: google.com (rss, forum, news)

New Security Advisories for Ivanti Connect Secure & Policy Secure and SonicWall SonicOS SSL-VPN
CERT.at, 2026-02-01
In addition to the current issues in FortiOS, SonicWall and Ivanti also published new security advisories this week. In both cases the problems concern authentication in the
Source: cert.at (rss, forum, news)

No tweets found for this CVE

Configuration 1
Type | Vendor | Product
App | Ivanti | connect_secure

Configuration 2
Type | Vendor | Product
App | Ivanti | policy_secure

Configuration 3
Type | Vendor | Product
App | Ivanti | zero_trust_access_gateway
App | Ivanti | zero_trust_access

Reference | Link
AF854A3A-2127-422B-91AE-364DA2661108 | https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US
[email protected] | https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US

CWE ID | CWE Name | Description
CWE-611 | Improper Restriction of XML External Entity Reference | The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
