Ivanti Connect Secure command injection — chained with CVE-2023-46805 SSRF for unauthenticated exploitation by Chinese APT groups. Apply patches and run Ivanti ICT integrity checks. Mass exploitation observed globally.
A command injection vulnerability in web components of Ivanti Connect Secure and Ivanti Policy Secure allows an authenticated administrator to send specially crafted requests and execute arbitrary commands.
Exploit-DB.ai delivers real-time AI-triaged zero-day alerts directly to your inbox.
Activate Supernova →