Share
## https://sploitus.com/exploit?id=SAINT:44512A21413975FC3A5BC8290C582BF4
Added: 02/05/2024  


### Background

Ivanti Connect Secure is a web-based remote access VPN. 

### Problem

A server-side request forgery vulnerability in the SAML component allows attackers to access restricted resources without authentication. This can lead to remote command execution when chained with other vulnerabilities. 

### Resolution

Apply the appropriate patch referenced in the Ivanti Security Advisory. 

### References

https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure   


### Platforms

Linux