{"vulnerability": "CVE-2024-1163", "sightings": [{"uuid": "1e6eb7f0-5b59-4112-8a79-a6bb4a344432", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11631", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113532057800330857", "content": "", "creation_timestamp": "2024-11-23T11:35:22.275875Z"}, {"uuid": "2eff0520-985b-4494-aa27-7f012555d1a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11632", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113532525086245371", "content": "", "creation_timestamp": "2024-11-23T13:34:12.712417Z"}, {"uuid": "23a89773-4087-49ec-b6ed-c946fba1cf74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11639", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113630179344621728", "content": "", "creation_timestamp": "2024-12-10T19:28:58.417043Z"}, {"uuid": "a68b1755-8a22-4b21-830e-5017c45f37dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11639", "type": "seen", "source": "https://thehackernews.com/2024/12/ivanti-issues-critical-security-updates.html", "content": "", "creation_timestamp": "2024-12-11T01:59:00.000000Z"}, {"uuid": "72ed0913-65fc-4054-861e-d7cf8d686878", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11639", "type": "seen", "source": "https://infosec.exchange/users/jbhall56/statuses/113634633741943020", "content": "", "creation_timestamp": "2024-12-11T14:21:46.859053Z"}, {"uuid": "0e51c253-c9c8-4df8-b531-b100b2b4ad76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11639", "type": "seen", "source": "https://mstdn.ca/users/rfwaveio/statuses/113635131824203334", "content": "", "creation_timestamp": "2024-12-11T16:28:30.704711Z"}, {"uuid": "fe14a521-34b0-4e36-8935-9167ae32cf3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11634", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0484", "content": "", "creation_timestamp": "2024-12-24T12:43:37.000000Z"}, {"uuid": "5b9e66e4-2c21-4634-82e3-35403fe37a0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11633", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0484", "content": "", "creation_timestamp": "2024-12-24T12:43:37.000000Z"}, {"uuid": "0b894c29-e520-469e-8c07-223587bac79d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11636", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113819537102998283", "content": "", "creation_timestamp": "2025-01-13T06:05:08.398373Z"}, {"uuid": "c39c7345-ade0-4929-b791-c42e6f1d00a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11636", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113819557892220521", "content": "", "creation_timestamp": "2025-01-13T06:10:25.508608Z"}, {"uuid": "4b63a883-47cd-473a-88db-bc504cb5a147", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11636", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfm3k2333p2d", "content": "", "creation_timestamp": "2025-01-13T06:15:47.341298Z"}, {"uuid": "2ba41f4c-42b9-426d-8767-54122eabf990", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11636", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfm4qfh7xi2q", "content": "", "creation_timestamp": "2025-01-13T06:37:14.034602Z"}, {"uuid": "d3dc61e3-454a-4f4d-aac3-a30a04b31044", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11637", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfo6lqxmqw2f", "content": "", "creation_timestamp": "2025-01-14T02:15:45.494624Z"}, {"uuid": "c1c44b0c-a6c1-4d56-9413-82fcc9d8990e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11639", "type": "seen", "source": "https://bsky.app/profile/podscribe.io/post/3lfg54rkrus2h", "content": "", "creation_timestamp": "2025-01-10T21:28:11.976619Z"}, {"uuid": "b3e3e647-7ae4-44b7-aa8c-2d49ce32fdae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11637", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfohebhbw62g", "content": "", "creation_timestamp": "2025-01-14T04:52:38.746202Z"}, {"uuid": "383eb986-e6d3-4a19-b1e8-060bf3abbdab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11635", "type": "seen", "source": "https://bsky.app/profile/abrahack.bsky.social/post/3lf6kaflqkk2d", "content": "", "creation_timestamp": "2025-01-07T21:01:36.491020Z"}, {"uuid": "26e66ae7-7ee9-4bd2-b688-1cdb66db8ea8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11635", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113791523823209673", "content": "", "creation_timestamp": "2025-01-08T07:20:59.602185Z"}, {"uuid": "ff4ff19b-319a-4120-bd7d-dedce2085a85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11635", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf7pvu47mb2e", "content": "", "creation_timestamp": "2025-01-08T08:15:42.044048Z"}, {"uuid": "23feb464-616c-4d09-b114-f5f852a896b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11635", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113791867498520318", "content": "", "creation_timestamp": "2025-01-08T08:48:24.241599Z"}, {"uuid": "5163e131-949c-4d37-8eec-0945456a13a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11635", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf7rqq5gqr2k", "content": "", "creation_timestamp": "2025-01-08T08:48:38.408586Z"}, {"uuid": "a843b568-a9b7-4a27-b4df-14d10015ff76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11635", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf7rqqb6um2e", "content": "", "creation_timestamp": "2025-01-08T08:48:38.912093Z"}, {"uuid": "4d2f7d89-64d1-4d13-ab69-5f0356180fa3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11635", "type": "seen", "source": "https://bsky.app/profile/binitamshah.bsky.social/post/3lkiv627dns22", "content": "", "creation_timestamp": "2025-03-16T14:49:41.894861Z"}, {"uuid": "03a2adce-59f1-474a-92c6-d6ff1ebdb476", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11635", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lklwuqfadg2x", "content": "", "creation_timestamp": "2025-03-17T19:58:15.721923Z"}, {"uuid": "f77db614-b8a7-4fce-8b5f-ce6d1c76f3e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11638", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ljzas6w7qp2h", "content": "", "creation_timestamp": "2025-03-10T09:35:12.308111Z"}, {"uuid": "48abebe1-5b75-46b2-811f-88260d08f7c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11635", "type": "seen", "source": "https://bsky.app/profile/abrahack.bsky.social/post/3ljrduusax22m", "content": "", "creation_timestamp": "2025-03-07T06:09:08.586211Z"}, {"uuid": "79d59e0d-350a-42aa-ab87-324b1647db38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11635", "type": "seen", "source": "https://bsky.app/profile/abrahack.bsky.social/post/3ljrduusnnc2m", "content": "", "creation_timestamp": "2025-03-07T06:09:09.144417Z"}, {"uuid": "380b2aa1-caba-4188-ba2a-6422dbb44132", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11638", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114138952215170181", "content": "", "creation_timestamp": "2025-03-10T15:56:37.565040Z"}, {"uuid": "60aa2e4b-34c4-428c-9add-61646e5f39c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11634", "type": "seen", "source": "MISP/be792712-f638-4d7d-b62d-4f5032e86764", "content": "", "creation_timestamp": "2025-09-16T23:16:38.000000Z"}, {"uuid": "495c6a7c-901b-42ff-b04a-4473ef9fee15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11633", "type": "seen", "source": "MISP/be792712-f638-4d7d-b62d-4f5032e86764", "content": "", "creation_timestamp": "2025-09-16T23:16:38.000000Z"}, {"uuid": "4a1f5620-4b82-4800-b4dc-0b74717c58fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11634", "type": "seen", "source": "MISP/be792712-f638-4d7d-b62d-4f5032e86764", "content": "", "creation_timestamp": "2025-09-18T16:44:36.000000Z"}, {"uuid": "5db58241-fc97-40c9-9342-d125d744571d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11633", "type": "seen", "source": "MISP/be792712-f638-4d7d-b62d-4f5032e86764", "content": "", "creation_timestamp": "2025-09-18T16:44:36.000000Z"}, {"uuid": "6bedaf90-29c2-465e-b9a9-8f99e035a068", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11639", "type": "seen", "source": "MISP/dd71e3c5-20f7-409a-8bcc-8df3cd8022a7", "content": "", "creation_timestamp": "2025-09-03T13:30:06.000000Z"}, {"uuid": "4f78bc91-5056-4447-ad67-252624e9e87f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-11639", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_26/2024", "content": "", "creation_timestamp": "2024-12-11T09:55:00.000000Z"}, {"uuid": "cbb3e658-a5b6-49d3-b2c9-a6f33732b55b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11638", "type": "seen", "source": "https://t.me/cvedetector/19939", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11638 - WordPress Gtbabel Plugin Cookie Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11638 \nPublished : March 10, 2025, 6:15 a.m. | 42\u00a0minutes ago \nDescription : The Gtbabel WordPress plugin before 6.6.9 does not ensure that the URL to perform code analysis upon belongs to the blog which could allow unauthenticated attackers to retrieve a logged in user (such as admin) cookies by making them open a crafted URL as the request made to analysed the URL contains such cookies. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-10T08:09:57.000000Z"}, {"uuid": "971e8ec4-94f2-49de-a520-c59ef9adb7c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11633", "type": "seen", "source": "https://t.me/itsec_news/4950", "content": "\u200b\u26a1\ufe0f\u0428\u0435\u0441\u0442\u044c \u0443\u0433\u0440\u043e\u0437, \u043e\u0434\u0438\u043d \u0438\u0441\u0445\u043e\u0434: \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u044b \u0441\u043d\u043e\u0432\u0430 \u0432 \u0437\u043e\u043d\u0435 \u0440\u0438\u0441\u043a\u0430 \u0438\u0437-\u0437\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 Ivanti\n\n\ud83d\udcac \u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Ivanti \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0449\u0438\u0435 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0435\u0451 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 Cloud Services Application (CSA) \u0438 Connect Secure. \u042d\u0442\u0438 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u043c\u043e\u0433\u043b\u0438 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u044d\u0441\u043a\u0430\u043b\u0430\u0446\u0438\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430.\n\n\u041d\u0430\u0438\u0431\u043e\u043b\u044c\u0448\u0443\u044e \u0443\u0433\u0440\u043e\u0437\u0443 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-11639 \u0441 \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u044b\u043c \u0431\u0430\u043b\u043b\u043e\u043c CVSS 10.0. \u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u044b\u043c \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u043c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0432\u0435\u0431-\u043a\u043e\u043d\u0441\u043e\u043b\u0438 \u0431\u0435\u0437 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0435\u0440\u0441\u0438\u0438 Ivanti CSA \u0434\u043e 5.0.3.\n\n\u0414\u0440\u0443\u0433\u0438\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0442 CVE-2024-11772 \u0438 CVE-2024-11773, \u043e\u0431\u0435 \u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 9.1. \u041e\u043d\u0438 \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u044e\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434 \u0438 SQL-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432, \u0435\u0441\u043b\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0438\u043c\u0435\u0435\u0442 \u0443\u0447\u0451\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430.\n\n\u0415\u0449\u0451 \u043e\u0434\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, CVE-2024-11633, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0447\u0435\u0440\u0435\u0437 Argument Injection \u0432 Ivanti Connect Secure \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 22.7R2.4. \u0410\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430, CVE-2024-11634, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 Connect Secure \u0438 Policy Secure. \u041e\u0431\u0435 \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS 9.1.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-8540 (CVSS 8.8) \u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0435 Ivanti Sentry \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u043c \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u043c \u043c\u043e\u0434\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0447\u0443\u0432\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u044b \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0438\u0437-\u0437\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0441\u0442\u0440\u043e\u0433\u0438\u0445 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u0439.\n\nIvanti \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0432\u0441\u0435 \u043f\u0435\u0440\u0435\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432: CSA 5.0.3, Connect Secure 22.7R2.4, Policy Secure 22.7R1.2, \u0430 \u0442\u0430\u043a\u0436\u0435 Sentry 9.20.2, 10.0.2 \u0438 10.1.0. \u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u043f\u043e\u0434\u0447\u0451\u0440\u043a\u0438\u0432\u0430\u0435\u0442, \u0447\u0442\u043e \u0435\u0439 \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e \u043e \u0441\u043b\u0443\u0447\u0430\u044f\u0445 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439.\n\n\u0422\u0435\u043c \u043d\u0435 \u043c\u0435\u043d\u0435\u0435, \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u044e\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f. \u0420\u0430\u043d\u0435\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 Ivanti \u0443\u0436\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0433\u043e\u0441\u0443\u0434\u0430\u0440\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u043c\u0438 \u0445\u0430\u043a\u0435\u0440\u0430\u043c\u0438 \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u0430\u0442\u0430\u043a, \u0447\u0442\u043e \u0434\u0435\u043b\u0430\u0435\u0442 \u0434\u0430\u043d\u043d\u044b\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u0440\u0430\u0439\u043d\u0435 \u0432\u0430\u0436\u043d\u044b\u043c\u0438 \u0434\u043b\u044f \u0437\u0430\u0449\u0438\u0442\u044b \u043e\u0442 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0433\u0440\u043e\u0437.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2024-12-11T18:00:23.000000Z"}, {"uuid": "9ce4eba7-9780-4f3f-af45-3a38fef32fab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11639", "type": "seen", "source": "https://t.me/itsec_news/4950", "content": "\u200b\u26a1\ufe0f\u0428\u0435\u0441\u0442\u044c \u0443\u0433\u0440\u043e\u0437, \u043e\u0434\u0438\u043d \u0438\u0441\u0445\u043e\u0434: \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u044b \u0441\u043d\u043e\u0432\u0430 \u0432 \u0437\u043e\u043d\u0435 \u0440\u0438\u0441\u043a\u0430 \u0438\u0437-\u0437\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 Ivanti\n\n\ud83d\udcac \u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Ivanti \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0449\u0438\u0435 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0435\u0451 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 Cloud Services Application (CSA) \u0438 Connect Secure. \u042d\u0442\u0438 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u043c\u043e\u0433\u043b\u0438 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u044d\u0441\u043a\u0430\u043b\u0430\u0446\u0438\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430.\n\n\u041d\u0430\u0438\u0431\u043e\u043b\u044c\u0448\u0443\u044e \u0443\u0433\u0440\u043e\u0437\u0443 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-11639 \u0441 \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u044b\u043c \u0431\u0430\u043b\u043b\u043e\u043c CVSS 10.0. \u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u044b\u043c \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u043c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0432\u0435\u0431-\u043a\u043e\u043d\u0441\u043e\u043b\u0438 \u0431\u0435\u0437 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0435\u0440\u0441\u0438\u0438 Ivanti CSA \u0434\u043e 5.0.3.\n\n\u0414\u0440\u0443\u0433\u0438\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0442 CVE-2024-11772 \u0438 CVE-2024-11773, \u043e\u0431\u0435 \u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 9.1. \u041e\u043d\u0438 \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u044e\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434 \u0438 SQL-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432, \u0435\u0441\u043b\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0438\u043c\u0435\u0435\u0442 \u0443\u0447\u0451\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430.\n\n\u0415\u0449\u0451 \u043e\u0434\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, CVE-2024-11633, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0447\u0435\u0440\u0435\u0437 Argument Injection \u0432 Ivanti Connect Secure \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 22.7R2.4. \u0410\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430, CVE-2024-11634, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 Connect Secure \u0438 Policy Secure. \u041e\u0431\u0435 \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS 9.1.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-8540 (CVSS 8.8) \u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0435 Ivanti Sentry \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u043c \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u043c \u043c\u043e\u0434\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0447\u0443\u0432\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u044b \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0438\u0437-\u0437\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0441\u0442\u0440\u043e\u0433\u0438\u0445 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u0439.\n\nIvanti \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0432\u0441\u0435 \u043f\u0435\u0440\u0435\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432: CSA 5.0.3, Connect Secure 22.7R2.4, Policy Secure 22.7R1.2, \u0430 \u0442\u0430\u043a\u0436\u0435 Sentry 9.20.2, 10.0.2 \u0438 10.1.0. \u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u043f\u043e\u0434\u0447\u0451\u0440\u043a\u0438\u0432\u0430\u0435\u0442, \u0447\u0442\u043e \u0435\u0439 \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e \u043e \u0441\u043b\u0443\u0447\u0430\u044f\u0445 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439.\n\n\u0422\u0435\u043c \u043d\u0435 \u043c\u0435\u043d\u0435\u0435, \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u044e\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f. \u0420\u0430\u043d\u0435\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 Ivanti \u0443\u0436\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0433\u043e\u0441\u0443\u0434\u0430\u0440\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u043c\u0438 \u0445\u0430\u043a\u0435\u0440\u0430\u043c\u0438 \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u0430\u0442\u0430\u043a, \u0447\u0442\u043e \u0434\u0435\u043b\u0430\u0435\u0442 \u0434\u0430\u043d\u043d\u044b\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u0440\u0430\u0439\u043d\u0435 \u0432\u0430\u0436\u043d\u044b\u043c\u0438 \u0434\u043b\u044f \u0437\u0430\u0449\u0438\u0442\u044b \u043e\u0442 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0433\u0440\u043e\u0437.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2024-12-11T18:00:23.000000Z"}, {"uuid": "4e84092d-b91b-4818-bcaf-2f7a18d7da0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11634", "type": "seen", "source": "https://t.me/itsec_news/4950", "content": "\u200b\u26a1\ufe0f\u0428\u0435\u0441\u0442\u044c \u0443\u0433\u0440\u043e\u0437, \u043e\u0434\u0438\u043d \u0438\u0441\u0445\u043e\u0434: \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u044b \u0441\u043d\u043e\u0432\u0430 \u0432 \u0437\u043e\u043d\u0435 \u0440\u0438\u0441\u043a\u0430 \u0438\u0437-\u0437\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 Ivanti\n\n\ud83d\udcac \u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Ivanti \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0449\u0438\u0435 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0435\u0451 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 Cloud Services Application (CSA) \u0438 Connect Secure. \u042d\u0442\u0438 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u043c\u043e\u0433\u043b\u0438 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u044d\u0441\u043a\u0430\u043b\u0430\u0446\u0438\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430.\n\n\u041d\u0430\u0438\u0431\u043e\u043b\u044c\u0448\u0443\u044e \u0443\u0433\u0440\u043e\u0437\u0443 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-11639 \u0441 \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u044b\u043c \u0431\u0430\u043b\u043b\u043e\u043c CVSS 10.0. \u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u044b\u043c \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u043c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0432\u0435\u0431-\u043a\u043e\u043d\u0441\u043e\u043b\u0438 \u0431\u0435\u0437 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0435\u0440\u0441\u0438\u0438 Ivanti CSA \u0434\u043e 5.0.3.\n\n\u0414\u0440\u0443\u0433\u0438\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0442 CVE-2024-11772 \u0438 CVE-2024-11773, \u043e\u0431\u0435 \u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 9.1. \u041e\u043d\u0438 \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u044e\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434 \u0438 SQL-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432, \u0435\u0441\u043b\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0438\u043c\u0435\u0435\u0442 \u0443\u0447\u0451\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430.\n\n\u0415\u0449\u0451 \u043e\u0434\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, CVE-2024-11633, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0447\u0435\u0440\u0435\u0437 Argument Injection \u0432 Ivanti Connect Secure \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 22.7R2.4. \u0410\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430, CVE-2024-11634, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 Connect Secure \u0438 Policy Secure. \u041e\u0431\u0435 \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS 9.1.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-8540 (CVSS 8.8) \u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0435 Ivanti Sentry \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u043c \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u043c \u043c\u043e\u0434\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0447\u0443\u0432\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u044b \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0438\u0437-\u0437\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0441\u0442\u0440\u043e\u0433\u0438\u0445 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u0439.\n\nIvanti \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0432\u0441\u0435 \u043f\u0435\u0440\u0435\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432: CSA 5.0.3, Connect Secure 22.7R2.4, Policy Secure 22.7R1.2, \u0430 \u0442\u0430\u043a\u0436\u0435 Sentry 9.20.2, 10.0.2 \u0438 10.1.0. \u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u043f\u043e\u0434\u0447\u0451\u0440\u043a\u0438\u0432\u0430\u0435\u0442, \u0447\u0442\u043e \u0435\u0439 \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e \u043e \u0441\u043b\u0443\u0447\u0430\u044f\u0445 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439.\n\n\u0422\u0435\u043c \u043d\u0435 \u043c\u0435\u043d\u0435\u0435, \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u044e\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f. \u0420\u0430\u043d\u0435\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 Ivanti \u0443\u0436\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0433\u043e\u0441\u0443\u0434\u0430\u0440\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u043c\u0438 \u0445\u0430\u043a\u0435\u0440\u0430\u043c\u0438 \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u0430\u0442\u0430\u043a, \u0447\u0442\u043e \u0434\u0435\u043b\u0430\u0435\u0442 \u0434\u0430\u043d\u043d\u044b\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u0440\u0430\u0439\u043d\u0435 \u0432\u0430\u0436\u043d\u044b\u043c\u0438 \u0434\u043b\u044f \u0437\u0430\u0449\u0438\u0442\u044b \u043e\u0442 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0433\u0440\u043e\u0437.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2024-12-11T18:00:23.000000Z"}, {"uuid": "9f82acd9-7d65-4e3a-90bf-02e9ca3f57b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11635", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/667", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11635\n\ud83d\udd39 Description: The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the 'wfu_ABSPATH' cookie parameter. This makes it possible for unauthenticated attackers to execute code on the server.\n\ud83d\udccf Published: 2025-01-08T07:18:38.747Z\n\ud83d\udccf Modified: 2025-01-08T07:18:38.747Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/b5165f60-6515-4a2c-a124-cc88155eaf01?source=cve\n2. https://plugins.svn.wordpress.org/wp-file-upload/trunk/wfu_file_downloader.php", "creation_timestamp": "2025-01-08T07:38:26.000000Z"}, {"uuid": "50b22554-13e5-4a97-8596-7f09ef800592", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11636", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1355", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11636\n\ud83d\udd39 Description: The Email Subscribers by Icegram Express  WordPress plugin before 5.7.45 does not sanitise and escape some of its Text Block options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n\ud83d\udccf Published: 2025-01-13T06:00:00.902Z\n\ud83d\udccf Modified: 2025-01-13T06:00:00.902Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/da616c20-3d74-4d3a-95f5-2d71d9ada094/", "creation_timestamp": "2025-01-13T06:06:06.000000Z"}, {"uuid": "dffefd97-59ea-493e-9ff7-2c8825685fd0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11638", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6999", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11638\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Gtbabel WordPress plugin before 6.6.9 does not ensure that the URL to perform code analysis upon belongs to the blog which could allow unauthenticated attackers to retrieve a logged in user (such as admin) cookies by making them open a crafted URL as the request made to analysed the URL contains such cookies.\n\ud83d\udccf Published: 2025-03-10T06:00:01.257Z\n\ud83d\udccf Modified: 2025-03-10T14:17:07.290Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/2f20336f-e12e-4b09-bcaf-45f7249f6495/", "creation_timestamp": "2025-03-10T14:38:41.000000Z"}, {"uuid": "6741a2ce-d7e7-410e-ba3b-0c85b1fe258b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1163", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15809", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-1163\n\ud83d\udd25 CVSS Score: 7.7 (cvssV3_0, Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)\n\ud83d\udd39 Description: The attacker may exploit a path traversal vulnerability leading to information disclosure.\n\ud83d\udccf Published: 2024-02-13T14:36:26.882Z\n\ud83d\udccf Modified: 2025-05-09T18:17:25.441Z\n\ud83d\udd17 References:\n1. https://huntr.com/bounties/c1cbc18b-e4ab-4332-ad13-0033f0f976f5\n2. https://github.com/mbloch/mapshaper/commit/7437d903c0a87802c3751fc529d2de7098094c72", "creation_timestamp": "2025-05-09T18:26:23.000000Z"}, {"uuid": "e8dbb1e4-246f-43b0-bb08-4740ceba035d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11638", "type": "seen", "source": "Telegram/jW-fXHA-d1wc5oavFkC24K24zXWmPLnt9lnSHDhkhqeuk6ly", "content": "", "creation_timestamp": "2025-03-10T19:39:06.000000Z"}, {"uuid": "466f41dc-7621-416d-8405-ad8db7358928", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11638", "type": "seen", "source": "Telegram/9VTeBdLGk-aUArhJCVMmrxbiHX9okfQiW2ZHacahL-xZp7DV", "content": "", "creation_timestamp": "2025-03-10T14:45:04.000000Z"}, {"uuid": "d61fb593-7457-4df7-aaa1-a3c59ad40f66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11635", "type": "seen", "source": "https://t.me/cvedetector/14668", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11635 - Acunil WordPress File Upload Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11635 \nPublished : Jan. 8, 2025, 8:15 a.m. | 40\u00a0minutes ago \nDescription : The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the 'wfu_ABSPATH' cookie parameter. This makes it possible for unauthenticated attackers to execute code on the server. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-08T09:57:41.000000Z"}, {"uuid": "4cbd9506-d14d-45ff-982d-0e126128f790", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11636", "type": "seen", "source": "https://t.me/cvedetector/15125", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11636 - Icegram Express WordPress Stored Cross-Site Scripting (XSS) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11636 \nPublished : Jan. 13, 2025, 6:15 a.m. | 30\u00a0minutes ago \nDescription : The Email Subscribers by Icegram Express  WordPress plugin before 5.7.45 does not sanitise and escape some of its Text Block options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-13T07:52:29.000000Z"}, {"uuid": "b3234ffe-a326-4df5-850e-ccf3649884da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11633", "type": "seen", "source": "https://t.me/cvedetector/12552", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11633 - Ivanti Connect Secure Argument Injection Remote Code Execution\", \n  \"Content\": \"CVE ID : CVE-2024-11633 \nPublished : Dec. 10, 2024, 7:15 p.m. | 34\u00a0minutes ago \nDescription : Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution \nSeverity: 9.1 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-10T20:49:45.000000Z"}, {"uuid": "0dea6201-63e4-4136-b173-3821ab0b6b22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11639", "type": "seen", "source": "https://t.me/cvedetector/12554", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11639 - Ivanti CSA Authentication Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11639 \nPublished : Dec. 10, 2024, 7:15 p.m. | 34\u00a0minutes ago \nDescription : An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access \nSeverity: 10.0 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-10T20:49:47.000000Z"}, {"uuid": "c4a8e067-73e9-47ba-a530-30bba60f335b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11634", "type": "seen", "source": "https://t.me/cvedetector/12553", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11634 - Ivanti Connect Secure and Policy Secure Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11634 \nPublished : Dec. 10, 2024, 7:15 p.m. | 34\u00a0minutes ago \nDescription : Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. (Not applicable to 9.1Rx) \nSeverity: 9.1 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-10T20:49:46.000000Z"}, {"uuid": "80ac84eb-3df3-4abd-ba35-c5db5ac3dab8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11639", "type": "seen", "source": "Telegram/XeRh6fY8T7gwkKaGo0cTKiLohc0wmx_TkIwBjTeDSTJF6A", "content": "", "creation_timestamp": "2024-12-11T10:40:49.000000Z"}, {"uuid": "fdc07714-c4bc-480c-b209-99fdf2f648d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11639", "type": "seen", "source": "https://t.me/CyberSecurityIL/63381", "content": "\u05e9\u05d9\u05de\u05d5 \u05dc\u05d1 - \u05d7\u05d1\u05e8\u05ea Ivanti \u05de\u05e9\u05d7\u05e8\u05e8\u05ea \u05e2\u05d3\u05db\u05d5\u05df \u05dc\u05d7\u05d5\u05dc\u05e9\u05d4 \u05d7\u05d3\u05e9\u05d4 \u05d4\u05de\u05e7\u05d1\u05dc\u05ea \u05d3\u05d9\u05e8\u05d5\u05d2 \u05e1\u05d9\u05db\u05d5\u05df \u05de\u05e7\u05e1\u05d9\u05de\u05dc\u05d9 (10.0) \u05d1\u05de\u05d5\u05e6\u05e8 Ivanti CSA.\n\n\u05d4\u05d7\u05d5\u05dc\u05e9\u05d4, CVE-2024-11639, \u05de\u05d0\u05e4\u05e9\u05e8\u05ea \u05dc\u05ea\u05d5\u05e7\u05e3 \u05de\u05e8\u05d5\u05d7\u05e7 \u05dc\u05d4\u05e9\u05d9\u05d2 \u05d4\u05e8\u05e9\u05d0\u05d5\u05ea \u05e0\u05d9\u05d4\u05d5\u05dc \u05ea\u05d5\u05da \u05de\u05e2\u05e7\u05e3 \u05e9\u05dc \u05de\u05e0\u05d2\u05e0\u05d5\u05df \u05d4\u05d4\u05d6\u05d3\u05d4\u05d5\u05ea.\n\nhttps://t.me/CyberSecurityIL/6214\n\n#\u05d7\u05d5\u05dc\u05e9\u05d5\u05ea", "creation_timestamp": "2024-12-11T07:08:41.000000Z"}, {"uuid": "28aaada2-eb3f-4a7e-ba7e-ee4550611dc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1163", "type": "seen", "source": "https://t.me/ctinow/183928", "content": "https://ift.tt/T6KzRr7\nCVE-2024-1163", "creation_timestamp": "2024-02-13T16:22:16.000000Z"}]}