Rapid7 Vulnerability & Exploit Database

Pulse Secure Pulse Connect Secure: SA:CVE-2024-21894 (Heap Overflow), CVE-2024-22052 (Null Pointer Dereference), CVE-2024-22053 (Heap Overflow), CVE-2024-22023 (XML entity expansion or XXE) and CVE-2024-29205 for Ivanti Connect Secure and Ivanti Policy Secure Gateways

Free InsightVM Trial No Credit Card Necessary

2024 Attack Intel Report Latest research by Rapid7 Labs

Back to Search

Pulse Secure Pulse Connect Secure: SA:CVE-2024-21894 (Heap Overflow), CVE-2024-22052 (Null Pointer Dereference), CVE-2024-22053 (Heap Overflow), CVE-2024-22023 (XML entity expansion or XXE) and CVE-2024-29205 for Ivanti Connect Secure and Ivanti Policy Secure Gateways

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

04/25/2024

Created

05/22/2024

Added

05/21/2024

Modified

07/12/2024

Description

An Improper Check for Unusual Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a remote unauthenticated attacker to send specially crafted requests in order to cause service disruptions.

Solution(s)

pulse-secure-pulse-connect-secure-upgrade-22_1r6_2
pulse-secure-pulse-connect-secure-upgrade-22_2r4_2
pulse-secure-pulse-connect-secure-upgrade-22_3r1_2
pulse-secure-pulse-connect-secure-upgrade-22_4r2_4
pulse-secure-pulse-connect-secure-upgrade-22_5r2_4
pulse-secure-pulse-connect-secure-upgrade-22_6r2_3
pulse-secure-pulse-connect-secure-upgrade-22_7r2
pulse-secure-pulse-connect-secure-upgrade-9_1r18_5

References

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Pulse Secure Pulse Connect Secure: SA:CVE-2024-21894 (Heap Overflow), CVE-2024-22052 (Null Pointer Dereference), CVE-2024-22053 (Heap Overflow), CVE-2024-22023 (XML entity expansion or XXE) and CVE-2024-29205 for Ivanti Connect Secure and Ivanti Policy Secure Gateways

Pulse Secure Pulse Connect Secure: SA:CVE-2024-21894 (Heap Overflow), CVE-2024-22052 (Null Pointer Dereference), CVE-2024-22053 (Heap Overflow), CVE-2024-22023 (XML entity expansion or XXE) and CVE-2024-29205 for Ivanti Connect Secure and Ivanti Policy Secure Gateways

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.