Ivanti Connect Secure command injection — chained with CVE-2023-46805 SSRF for unauthenticated exploitation by Chinese APT groups. Apply patches and run Ivanti ICT integrity checks. Mass exploitation observed globally.
A command injection vulnerability in web components of Ivanti Connect Secure and Ivanti Policy Secure allows an authenticated administrator to send specially crafted requests and execute arbitrary commands.
Supernova subscribers receive AI-triaged CVE alerts the moment they're published — before the PoC drops.
Start Supernova — $99/mo →