Statement on CVE 2024-21887 Ivanti Command Injection Vulnerability

January 29, 2024

Information

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

Risk

Not Applicable

Response

Melissa Data Corporation (“Melissa”) was not impacted by the Ivanti vulnerability as we do not utilize Ivanti for any Melissa commercial web services or products.

Melissa will continue to follow all guidance provided for this vulnerability as necessary to prevent any future risks.