Mitigation Instructions for Drupal SEoL (6.x)
Subject: Drupal Unsupported Version Detection (6.x)
CyRisk Vulnerability Management Team: Feb 23, 2024 4:41:49 PM
SUBJECT: Mitigation for Ivanti Connect Secure and Policy Secure Command Injection Vulnerability (CVE-2024-21887)
TECH STACK: Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x)
DATE(S) ISSUED: 01/12/2024
NVD Last Modified: 01/22/2024
CRITICALITY: HIGH (CVSS Score: 9.1)
OVERVIEW:
This vulnerability affects Ivanti Connect Secure and Policy Secure versions 9.x and 22.x. It allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance, potentially compromising data, installing backdoors, or launching further attacks.
SOLUTION/MITIGATION:
Immediate Action:
Additional Protective Measures:
Confirmation & Additional Information:
REFERENCES: