CVE-2024-11633

High

Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve…

ivanti·CWE-88·Published 2024-12-10

CVSS

7.2

EPSS

0.02

KEV

Exploits

cve.orgen

161 chars

Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution

NVDen

161 chars

Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution

La inyección de argumentos en Ivanti Connect Secure anterior a la versión 22.7R2.4 permite que un atacante remoto autenticado con privilegios de administrador logre la ejecución remota de código

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	9.1	—	—	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
3.1	Primary	NVD	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	NVD	9.1	2.3	6.0	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H