← Back

CVE-2023-46805

nvd nistnuclei
Published: Jan 12, 2024Modified: Oct 31, 2025CISA KEV

JSON object

Loading...
8.2
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Exploitability: 3.9 / Impact: 4.2
Source: NVD

Description

An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

Affected (81)

Ivanti
2 products
Connect Secure
Policy Secure
Configuration A
81 vulnerable
Vulnerable SoftwareAffected Versions
Ivanti
Connect Secure
Version 22.1 r1
Connect Secure
Version 22.1 r6
Connect Secure
Version 22.2
Connect Secure
Version 22.2 r1
Connect Secure
Version 22.3 r1
Connect Secure
Version 22.4 r1
Connect Secure
Version 22.4 r2.1
Connect Secure
Version 22.5 r2.1
Connect Secure
Version 22.6
Connect Secure
Version 22.6 r1
Connect Secure
Version 22.6 r2
Connect Secure
Version 9.0
Connect Secure
Version 9.1 r10
Connect Secure
Version 9.1 r11.3
Connect Secure
Version 9.1 r11.4
Connect Secure
Version 9.1 r11.5
Connect Secure
Version 9.1 r11
Connect Secure
Version 9.1 r12.1
Connect Secure
Version 9.1 r12
Connect Secure
Version 9.1 r13.1
Connect Secure
Version 9.1 r13
Connect Secure
Version 9.1 r14
Connect Secure
Version 9.1 r15.2
Connect Secure
Version 9.1 r15
Connect Secure
Version 9.1 r16.1
Connect Secure
Version 9.1 r16
Connect Secure
Version 9.1 r17.1
Connect Secure
Version 9.1 r17
Connect Secure
Version 9.1 r18
Connect Secure
Version 9.1 r1
Connect Secure
Version 9.1 r2
Connect Secure
Version 9.1 r3
Connect Secure
Version 9.1 r4.1
Connect Secure
Version 9.1 r4.2
Connect Secure
Version 9.1 r4.3
Connect Secure
Version 9.1 r4
Connect Secure
Version 9.1 r5
Connect Secure
Version 9.1 r6
Connect Secure
Version 9.1 r7
Connect Secure
Version 9.1 r8.1
Connect Secure
Version 9.1 r8.2
Connect Secure
Version 9.1 r8
Connect Secure
Version 9.1 r9.1
Connect Secure
Version 9.1 r9
Ivanti
Policy Secure
Version 22.1 r1
Policy Secure
Version 22.1 r6
Policy Secure
Version 22.2 r1
Policy Secure
Version 22.2 r3
Policy Secure
Version 22.3 r1
Policy Secure
Version 22.3 r3
Policy Secure
Version 22.4 r1
Policy Secure
Version 22.4 r2.1
Policy Secure
Version 22.4 r2
Policy Secure
Version 22.5 r1
Policy Secure
Version 22.5 r2.1
Policy Secure
Version 22.6 r1
Policy Secure
Version 9.0
Policy Secure
Version 9.1 r10
Policy Secure
Version 9.1 r11
Policy Secure
Version 9.1 r12
Policy Secure
Version 9.1 r13.1
Policy Secure
Version 9.1 r13
Policy Secure
Version 9.1 r14
Policy Secure
Version 9.1 r15
Policy Secure
Version 9.1 r16
Policy Secure
Version 9.1 r17
Policy Secure
Version 9.1 r18
Policy Secure
Version 9.1 r1
Policy Secure
Version 9.1 r2
Policy Secure
Version 9.1 r3.1
Policy Secure
Version 9.1 r3
Policy Secure
Version 9.1 r4.1
Policy Secure
Version 9.1 r4.2
Policy Secure
Version 9.1 r4
Policy Secure
Version 9.1 r5
Policy Secure
Version 9.1 r6
Policy Secure
Version 9.1 r7
Policy Secure
Version 9.1 r8.1
Policy Secure
Version 9.1 r8.2
Policy Secure
Version 9.1 r8
Policy Secure
Version 9.1 r9

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (5)

Source: support@hackerone.com
ExploitThird Party AdvisoryVDB Entry
Source: support@hackerone.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

Timeline

No history available yet.