Description
A CRLF injection vulnerability in Ivanti Connect Secure (9.x, 22.x) allows an authenticated, high-privileged user to inject malicious code into a victim’s browser, leading to a cross-site scripting attack.
CVSS breakdown
CVSS 3.0
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Changed
- Confidentiality: Low
- Integrity: Low
- Availability: High
Affected products
- Ivanti / Connect Secure 22.7R2 – 22.7R2
- Ivanti / Connect Secure 22.5R2.2 – 22.5R2.2
- Ivanti / Connect Secure 9.1R18.6 – 9.1R18.6