{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-08T06:30:26.439","vulnerabilities":[{"cve":{"id":"CVE-2024-21887","sourceIdentifier":"support@hackerone.com","published":"2024-01-12T17:15:10.017","lastModified":"2025-10-31T21:56:55.430","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x)  allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance."},{"lang":"es","value":"Una vulnerabilidad de inyección de comandos en componentes web de Ivanti Connect Secure (9.x, 22.x) e Ivanti Policy Secure (9.x, 22.x) permite a un administrador autenticado enviar solicitudes especialmente manipuladas y ejecutar comandos arbitrarios en el dispositivo."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}],"cvssMetricV30":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}]},"cisaExploitAdd":"2024-01-10","cisaActionDue":"2024-01-22","cisaRequiredAction":"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.","cisaVulnerabilityName":"Ivanti Connect Secure and Policy Secure Command Injection Vulnerability","weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-77"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:*","matchCriteriaId":"BEAA1F3F-FC78-43C1-814A-19E94AC4A844"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*","matchCriteriaId":"4B21C181-DC49-4EBD-9932-DBB337151FF7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r10:*:*:*:*:*:*","matchCriteriaId":"5A3A93FE-41BF-43F2-9EFC-89656182329F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r11:*:*:*:*:*:*","matchCriteriaId":"8D5F47BA-DE6D-443D-95C3-A45F80EDC71E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:*","matchCriteriaId":"366EF5B8-0233-49B8-806A-E54F60410ADE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r11.4:*:*:*:*:*:*","matchCriteriaId":"6F2A7F5C-1D78-4D19-B8ED-5822FDF5DA63"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r11.5:*:*:*:*:*:*","matchCriteriaId":"2DDDA231-2A5E-4C70-8620-535C7F9027A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r12:*:*:*:*:*:*","matchCriteriaId":"32E0B425-A9BA-4D00-84A9-46268072D696"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r12.1:*:*:*:*:*:*","matchCriteriaId":"BBC724E8-195B-4CB4-AC2A-63E184AED4F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r13:*:*:*:*:*:*","matchCriteriaId":"65435A96-EF7A-439A-AA6C-CB7EAEF0A963"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r13.1:*:*:*:*:*:*","matchCriteriaId":"3027A9CE-849E-4CAE-A1C4-170DEAF4FE86"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r14:*:*:*:*:*:*","matchCriteriaId":"C132BA26-BCA0-43E6-9511-34ACFFA136A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r15:*:*:*:*:*:*","matchCriteriaId":"CE228FBD-5AD1-4BC6-AF63-5248E671B04F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r15.2:*:*:*:*:*:*","matchCriteriaId":"D7DBCD6B-B7AA-4AB0-852F-563A2EC85DB4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r16:*:*:*:*:*:*","matchCriteriaId":"44C26423-8621-4F6D-A45B-0A6B6E873AB6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r16.1:*:*:*:*:*:*","matchCriteriaId":"BC391EB5-C457-459C-8EAA-EA0043487C0B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r17:*:*:*:*:*:*","matchCriteriaId":"DB6CEA16-F422-48F1-9473-3931B1BFA63F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r17.1:*:*:*:*:*:*","matchCriteriaId":"E238AB9F-99C1-4F0D-B442-D390065D35D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r18:*:*:*:*:*:*","matchCriteriaId":"28FDE909-711C-41EC-8BA6-AC4DE05EA27E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*","matchCriteriaId":"4FEFC4B1-7350-46F9-80C1-42F5AE06142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*","matchCriteriaId":"DB7A6D62-6576-4713-9BF4-11068A72E8B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*","matchCriteriaId":"843BC1B9-50CC-4F8F-A454-A0CEC6E92290"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*","matchCriteriaId":"D5355372-03EA-46D7-9104-A2785C29B664"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*","matchCriteriaId":"3DE32A0C-8944-4F51-A286-266055CA4B2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*","matchCriteriaId":"0349A0CC-A372-4E51-899E-D7BA67876F4B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*","matchCriteriaId":"93D1A098-BD77-4A7B-9070-A764FB435981"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*","matchCriteriaId":"3CCC2D7B-F835-45EC-A316-2F0C5F2CF565"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*","matchCriteriaId":"AD812596-C77C-4129-982F-C22A25B52126"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*","matchCriteriaId":"9FA0B20D-3FA1-42AE-BDC5-93D8A182927C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:*:*:*:*:*:*","matchCriteriaId":"BFFA0B02-7F6D-4434-B1E7-EB8520FD68A0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r8.2:*:*:*:*:*:*","matchCriteriaId":"DFE8FA87-9622-4D5B-99C7-D8EE230C0AA9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r9:*:*:*:*:*:*","matchCriteriaId":"16DAA769-8F0D-4C54-A8D9-9902995605B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:9.1:r9.1:*:*:*:*:*:*","matchCriteriaId":"B2C10C89-1DBC-4E91-BD28-D5097B589CA9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:22.1:r1:*:*:*:*:*:*","matchCriteriaId":"80C56782-273A-4151-BE81-13FEEFE46A6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:22.1:r6:*:*:*:*:*:*","matchCriteriaId":"6564FE9E-7D96-4226-8378-DAC25525CDD1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:22.2:-:*:*:*:*:*:*","matchCriteriaId":"361FAA47-52FF-4B36-96B0-9C178A4E031B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:22.2:r1:*:*:*:*:*:*","matchCriteriaId":"BCBF6DD0-2826-4E61-8FB6-DB489EBF8981"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:22.3:r1:*:*:*:*:*:*","matchCriteriaId":"415219D0-2D9A-4617-ABB7-6FF918421BEE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:22.4:r1:*:*:*:*:*:*","matchCriteriaId":"E9F55E7B-7B38-4AEC-A015-D8CB9DE5E72C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:22.4:r2.1:*:*:*:*:*:*","matchCriteriaId":"D3DF17AC-EC26-4B76-8989-B7880C9EF73E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:22.5:r2.1:*:*:*:*:*:*","matchCriteriaId":"001E117B-E8EE-4C20-AEBF-34FF5EB5051E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:22.6:-:*:*:*:*:*:*","matchCriteriaId":"6C383863-1E90-4B72-A500-4326782BC92F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:22.6:r1:*:*:*:*:*:*","matchCriteriaId":"AB9A5868-34FB-446E-817F-6701CC5DE923"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:connect_secure:22.6:r2:*:*:*:*:*:*","matchCriteriaId":"5456F61D-1FD1-4DA6-AFA3-4073889AD22A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DD00E2EC-B772-4FE8-8CC5-829BE45BE878"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*","matchCriteriaId":"A07B66E0-A679-4912-8CB1-CD134713EDC7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:9.1:r10:*:*:*:*:*:*","matchCriteriaId":"BF767F07-2E9F-4099-829D-2F70E85D8A35"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:9.1:r11:*:*:*:*:*:*","matchCriteriaId":"B994E22B-8FA5-4510-82F6-7820BDA7C307"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:9.1:r12:*:*:*:*:*:*","matchCriteriaId":"FE5C4ABC-2BEB-4741-95B3-303903369818"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:9.1:r13:*:*:*:*:*:*","matchCriteriaId":"D50C5526-F791-4C76-B5C0-DA2E1281C9E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:9.1:r13.1:*:*:*:*:*:*","matchCriteriaId":"2CB8240E-7683-4C39-9654-4F8D1F682288"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:9.1:r14:*:*:*:*:*:*","matchCriteriaId":"7A53C031-E7A5-47B6-BA4A-DD28432E743F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:9.1:r15:*:*:*:*:*:*","matchCriteriaId":"4BEE355B-1C2D-4BEB-8922-EAEAA5A1FAE8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:9.1:r16:*:*:*:*:*:*","matchCriteriaId":"B90687F3-A5C1-4706-AD66-D78EE512E4C9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:9.1:r17:*:*:*:*:*:*","matchCriteriaId":"D10A3F2D-6A62-4A48-93FB-274527C821D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:9.1:r18:*:*:*:*:*:*","matchCriteriaId":"811C7E7E-89AB-47DF-BACD-ED478DF756BC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:*","matchCriteriaId":"6D37A6E4-D58E-444D-AF6A-15461F38E81A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:*","matchCriteriaId":"FC2B9DA0-E32B-4125-9986-F0D3814C66E9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:9.1:r3.1:*:*:*:*:*:*","matchCriteriaId":"38A0D7CF-7D55-4933-AE8C-36006D6779E1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:*","matchCriteriaId":"C9A5BA3E-D6B3-453D-8DDF-FF16859FD0F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:9.1:r4.1:*:*:*:*:*:*","matchCriteriaId":"BAFDA618-D15D-401D-AC68-0020259FEC57"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:*","matchCriteriaId":"D55AB5F0-132F-4C40-BF4F-684E139B774B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*","matchCriteriaId":"6BE937D2-8BEE-4E64-8738-F550EAD00F50"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:*","matchCriteriaId":"9C753520-1BC6-4980-AFC9-4C2FDDF2FD18"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:*","matchCriteriaId":"AC3863BC-3B9A-402B-A74A-149CDF717EC6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:9.1:r8:*:*:*:*:*:*","matchCriteriaId":"E3C09D51-FDA0-4D07-87D8-F527C8CBDAFB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:9.1:r8.1:*:*:*:*:*:*","matchCriteriaId":"CCE2E1C0-680F-4EFF-ACE6-A1DAFA209D24"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:9.1:r8.2:*:*:*:*:*:*","matchCriteriaId":"7ED1686B-2D80-4ECF-9F7A-AEA989E17C84"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:9.1:r9:*:*:*:*:*:*","matchCriteriaId":"092DA2A3-5CEF-433F-8E5B-4850E4095CC4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:22.1:r1:*:*:*:*:*:*","matchCriteriaId":"A385F38B-0B03-4B69-B7A1-952F5BAE727C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:22.1:r6:*:*:*:*:*:*","matchCriteriaId":"925DCCBA-9382-4A39-84B8-4DEAFD2BC802"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:22.2:r1:*:*:*:*:*:*","matchCriteriaId":"34C118FB-7AE0-466C-822A-348A2F6016AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:22.2:r3:*:*:*:*:*:*","matchCriteriaId":"1536DB45-9A42-4549-A10E-FDBB6693DF17"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:22.3:r1:*:*:*:*:*:*","matchCriteriaId":"51FF66C9-9415-4EAD-8F19-D5E067336885"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:22.3:r3:*:*:*:*:*:*","matchCriteriaId":"8BBC1E81-0A2A-4166-BFA6-2B866B4F8AE4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:22.4:r1:*:*:*:*:*:*","matchCriteriaId":"D73729EB-C679-4CED-9F36-212B0581EC22"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:22.4:r2:*:*:*:*:*:*","matchCriteriaId":"14B481E8-D887-408F-B892-D2939CD037AB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:22.4:r2.1:*:*:*:*:*:*","matchCriteriaId":"3EB8380F-D229-4AF0-B27C-47760F843E48"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:22.5:r1:*:*:*:*:*:*","matchCriteriaId":"CB4B1ED6-38AD-44F8-9B77-2D6924E8A20E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:22.5:r2.1:*:*:*:*:*:*","matchCriteriaId":"28A9318A-0D4D-4EF1-998B-4A82A1AB63F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:policy_secure:22.6:r1:*:*:*:*:*:*","matchCriteriaId":"56C7542D-3520-4E4D-936C-5295068C4CD7"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html","source":"support@hackerone.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US","source":"support@hackerone.com","tags":["Vendor Advisory"]},{"url":"http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-21887","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}}]}