CVE-2022-21828

HIGH

Ivanti Incapptic Connect - Insecure Deserialization

Title source: rule

Description

A user with high privilege access to the Incapptic Connect web console can remotely execute code on the Incapptic Connect server using a unspecified attack vector in Incapptic Connect version 1.40.0, 1.39.1, 1.39.0, 1.38.1, 1.38.0, 1.37.1, 1.37.0, 1.36.0, 1.35.5, 1.35.4 and 1.35.3.

References (1)

Scores

CVSS v3 7.2
EPSS 0.1538
EPSS Percentile 94.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-502
Status published

Affected Products (11)

ivanti/incapptic_connect
ivanti/incapptic_connect
ivanti/incapptic_connect
ivanti/incapptic_connect
ivanti/incapptic_connect
ivanti/incapptic_connect
ivanti/incapptic_connect
ivanti/incapptic_connect
ivanti/incapptic_connect
ivanti/incapptic_connect
ivanti/incapptic_connect

Timeline

Published Mar 04, 2022
Tracked Since Feb 18, 2026