Date: 2024-02-14

Over the last few weeks, Ivanti has disclosed numerous critical CVEs. The most recent — CVE-2024-22024 — is no different. Although it does not have as high a CVSS score as previous vulnerabilities, CVE-2024-22024 will still likely be a prime target for attackers.

On February 8, 2024, Ivanti published an advisory for CVE-2024-22024. Ivanti originally reported that this flaw was discovered during internal testing. However, their advisory was later updated to also give credit to watchTowr for responsibly disclosing this vulnerability.

CVE-2024-22024 is an XML external entity (XXE) injection vulnerability located within the SAML component of Ivanti Connect Secure and Ivanti Policy Secure. Successful exploitation of this vulnerability could lead to sensitive information disclosure, denial of service (DoS), server-side request forgery (SSRF), or even arbitrary code execution, depending on the underlying web application.
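
Because the flaw sits in SAML XML parsing, a defender's generic countermeasure for this bug class is to refuse any SAML message that carries a DOCTYPE or entity declaration before it reaches the real parser. The following is an added example, not Ivanti's code and not from the original post; it goes beyond the text by decoding both the base64 (POST) and DEFLATE-plus-base64 (Redirect) encodings, and `screen_saml`, `DtdRejected` and the sample messages are hypothetical names and constructed data.

```python
import base64
import zlib
from xml.parsers import expat

# Constructed sample messages (not taken from any real device or advisory).
CLEAN = b'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_constructed"/>'
WITH_DTD = b'<!DOCTYPE r [<!ENTITY e "constructed">]>' + CLEAN


class DtdRejected(ValueError):
    """The SAML message carries a DOCTYPE or entity declaration."""


def decode_saml(b64_message):
    """Decode the POST binding (base64) or Redirect binding (raw DEFLATE, then base64)."""
    raw = base64.b64decode(b64_message, validate=True)
    if raw.lstrip().startswith(b"<"):
        return raw
    return zlib.decompress(raw, -15)  # -15: raw DEFLATE stream, no zlib header


def assert_no_dtd(xml_bytes):
    """Parse with expat, fail on the first DTD construct, return the root element name."""
    root = []

    def reject(*_args):
        raise DtdRejected("DOCTYPE or entity declaration in SAML message")

    def on_start(name, _attrs):
        if not root:
            root.append(name)

    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = reject  # fires as soon as a DOCTYPE opens
    parser.EntityDeclHandler = reject        # second guard on entity declarations
    parser.StartElementHandler = on_start
    parser.Parse(xml_bytes, True)
    return root[0]


def screen_saml(b64_message):
    """Hypothetical pre-parse gate: decode, then refuse anything with a DTD."""
    return assert_no_dtd(decode_saml(b64_message))


if __name__ == "__main__":
    print(screen_saml(base64.b64encode(CLEAN).decode()))
    try:
        screen_saml(base64.b64encode(WITH_DTD).decode())
    except DtdRejected as exc:
        print("rejected:", exc)
```

A gate like this complements, and does not replace, applying the vendor's fix to the affected product.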