Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Authentication Bypass in Ivanti Connect Secure and Policy Secure (CVE-2023-46805) - Vulnerability Database

Authentication Bypass in Ivanti Connect Secure and Policy Secure (CVE-2023-46805)

Description

The Ivanti Connect Secure and Ivanti Policy Secure have an authentication bypass vulnerability. An attacker can bypass the authentication with a specially crafted HTTP request and get administrative access to the system.

Remediation

Upgrade to the latest version of Ivanti Connect Secure / Policy Secure

References

CVE-2023-46805 (Authentication Bypass) & CVE-2024-21887 (Command Injection) for Ivanti Connect Secure and Ivanti Policy Secure Gateways
CVE-2023-46805

Related Vulnerabilities

Wing FTP Server RCE (CVE-2025-47812) Critical
Common tags: Authentication Bypass Known Vulnerabilities
Palo Alto PAN-OS Management Interface Auth Bypass (CVE-2024-0012/CVE-2024-9474) Critical
Common tags: Authentication Bypass Known Vulnerabilities
Apache OFBiz Authentication Bypass (CVE-2023-51467) Critical
Common tags: Authentication Bypass Known Vulnerabilities
Apache OFBiz RCE (CVE-2024-32113/CVE-2024-36104/CVE-2024-38856) Critical
Common tags: Authentication Bypass Known Vulnerabilities
Apache OFBiz RCE (CVE-2024-45195) Critical
Common tags: Authentication Bypass Known Vulnerabilities

Severity

High

Classification

CVE-2023-46805
CWE-287
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Authentication Bypass
Known Vulnerabilities