Conversation
AttackerKB
attackerkb
New assessment for topic: CVE-2024-22024
Topic description: "An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication. ..."
"An HTTP POST request towards /dana-na/auth/saml-sso.cgi using the SAMLRequest as the vehicle with a base64 decoded XXE payload works and is already observed being abused in the wild. ..."
Link: https://www.attackerkb.com/assessments/e3572615-0a93-4e5b-a181-432316d5c6d3
Topic description: "An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication. ..."
"An HTTP POST request towards /dana-na/auth/saml-sso.cgi using the SAMLRequest as the vehicle with a base64 decoded XXE payload works and is already observed being abused in the wild. ..."
Link: https://www.attackerkb.com/assessments/e3572615-0a93-4e5b-a181-432316d5c6d3
0
0
0