Home / Security updates / Ivanti Connect Secure and Ivanti Policy Secure Authentication Bypass Vulnerability (CVE 2023-46805) Ivanti Connect Secure and Ivanti Policy Secure Command Injection Vulnerability (CVE 2024-21887)
Ivanti Connect Secure and Ivanti Policy Secure Authentication Bypass Vulnerability (CVE 2023-46805) Ivanti Connect Secure and Ivanti Policy Secure Command Injection Vulnerability (CVE 2024-21887)
Security updates detail rendered from /security-updates/upd_fef61908b90b1a10.
Overview
| ID | upd_fef61908b90b1a10 |
| Collection | Security Updates |
| Provider | TrustShare (TrustCloud / Kintent) |
| Company | NetDocuments |
| URL | - |
| Counts | - |
| Updated | - |
Raw record
| Field | Value |
|---|---|
| id | upd_fef61908b90b1a10 |
| providerId | trustshare |
| organizationId | org_4a457454e923c339 |
| trustCenterId | tc_8fd59c21a514b60f |
| title | Ivanti Connect Secure and Ivanti Policy Secure Authentication Bypass Vulnerability (CVE 2023-46805) Ivanti Connect Secure and Ivanti Policy Secure Command Injection Vulnerability (CVE 2024-21887) |
| type | general |
| message | Executive Summary NetDocuments is NOT affected by the Ivanti Connect Secure and Ivanti Policy Secure vulnerabilities described in CVE 2023-46805 and CVE 2024-21887. CVE 2023-46805 is an authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure that allows a remote attacker to access restricted resources by bypassing control checks. CVE 2024-21887 is a command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) that allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance. NetDocuments has not used Ivanti software products and does not have the affected applications installed in our corporate or production networks. History CVE-2023-46805 The CVE was first published by Ivanti on 10 January 2024. It was published in the National Vulnerability Database on 12 January 2024. The vulnerability was added to the NIST catalog of known exploited vulnerabilities on 10 January 2024. CVE-2024-21887 The CVE was first published by Ivanti on 10 January 2024. It was published in the National Vulnerability Database on 12 January 2024. The vulnerability was added to the NIST catalog of known exploited vulnerabilities on 22 January 2024. NetDocuments Status: NetDocuments Compliance Trust Services and Cybersecurity Teams confirmed a lack of exposure to these vulnerabilities following the first customer inquiry, which was received on 16 January 2024. The Cybersecurity Team subscribes to NVD alerts but had not previously flagged this as there are no Ivanti products present in our networks. The Cybersecurity Team provided confirmation of lack of exposure to the Compliance Department on 17 January 2024. Statement Regarding the NetDocuments Service In operation for over twenty years, NetDocuments employs a dedicated team of cybersecurity professionals to constantly monitor for the range of threats present in the modern information technology environment and the ability of any of these to impact the availability, integrity, and security of the documents our customers entrust to the NetDocuments Service. We continue to offer our customers an unparalleled degree of safety and security. |
| publishedAt | 2025-04-28 |
| gated | no |
| source | {
"field": "trustshare/notifications[]"
} |
| company | {
"id": "org_4a457454e923c339",
"name": "NetDocuments",
"domains": [
"trust.netdocuments.com",
"www.netdocuments.com"
]
} |
| trust_center | {
"id": "tc_8fd59c21a514b60f",
"name": "NetDocuments",
"url": "https://trust.netdocuments.com",
"host": "trust.netdocuments.com"
} |
| provider | {
"id": "trustshare",
"name": "TrustShare (TrustCloud / Kintent)"
} |
| links | {
"self": "/v1/security-updates/upd_fef61908b90b1a10",
"company": "/v1/companies/org_4a457454e923c339",
"trust_center": "/v1/trust-centers/tc_8fd59c21a514b60f",
"provider": "/v1/providers/trustshare"
} |
Get this page with API
Rendered from the bluedoor Trust Centers API. Reproduce it:
GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_fef61908b90b1a10JSON