CVE-2024-7593
9.8 CRITICALIncorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticate...
Published: 2024-08-13 · Last updated: 2026-06-05
Severity and scoring
- CVSS
- 9.8 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-287, CWE-303
Affected products
| Vendor | Product |
|---|---|
| ivanti | virtual_traffic_manager |
Description
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2026-6973 — A configuration control vulnerability in the Ivanti Endpoint Manager Mobile before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remo... (7.2 HIGH)
Same CWE
- CVE-2026-47166 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.7 MEDIUM)
- CVE-2026-46705 — Russh is a Rust SSH client & server library (5.3 MEDIUM)
- CVE-2022-48575 — A person with access to a Mac may be able to bypass Login Window (3.5 LOW)
- CVE-2026-45567 — Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers (8.3 HIGH)
- CVE-2026-47838 — SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wr... (6.8 MEDIUM)