NULL Pointer Dereference

CVE-2024-22023

Medium

5.3/10

Summary

An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporarily cause resource exhaustion thereby resulting in a limited-time DoS.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: LOW

CWE-476 - NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

References

Advisory Timeline

Published Apr 04, 2024

NULL Pointer Dereference

CVE-2024-22023

Summary

CWE-476 - NULL Pointer Dereference

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS