CVE-2024-21893

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 5, 2026 10 articles Published: 2024-01-31

VulnLookup ↗ NVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

94.32%

probability

This CVE has a 94.32% probability of being exploited in the next 30 days.

0% Top 100.0th percentile of all CVEs 100%

CVSS v3.0

Source: VulnerabilityLookup (CIRCL)

8.2

HIGH

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

None

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Description

VulnerabilityLookup (CNA)

A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.

Affected Products

Ivanti

ICS

9.1R18 22.6R2

Ivanti

IPS

9.1R18 22.6R1

Attack Intelligence

CWE-441 CWE-610 CWE-664 · Improper Control of a Resource Through its Lifetime CWE-918 · Server-Side Request Forgery

Exploits & PoC

h4x0r-dz/CVE-2024-21893.py

CVE-2024-21893: SSRF Vulnerability in Ivanti Connect Secure

Chocapikk/CVE-2024-21893-to-CVE-2024-21887

CVE-2024-21893 to CVE-2024-21887 Exploit Toolkit

2 repos — triés par ⭐ Rechercher sur GitHub ↗

https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US

Signal Intelligence

Confidenceⓘ

92%

EPSS 94.32%

CVSS v3.0 8.2

Mentions 10

Last Seen Aug 06, 2024

CNA Information

CNA Assigner

hackerone

Analyst Note

CVE-2024-21893 is explicitly named as a zero-day being exploited in attacks by Ivanti and reported by BleepingComputer. Published 2024-01-31 with active exploitation documented in early 2024. No evidence of prior patch availability before exploitation reports. Clear zero-day exploitation confirmation.