## https://sploitus.com/exploit?id=SAINT:44512A21413975FC3A5BC8290C582BF4
Added: 02/05/2024
### Background
Ivanti Connect Secure is a web-based remote access VPN.
### Problem
A server-side request forgery vulnerability in the SAML component allows attackers to access restricted resources without authentication. This can lead to remote command execution when chained with other vulnerabilities.
### Resolution
Apply the appropriate patch referenced in the Ivanti Security Advisory.
### References
https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure
### Platforms
Linux