A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In certain conditions this may lead to execution of arbitrary code
https://thecyberthrone.in/2024/04/08/ivanti-vulnerability-is-wide-spread-cve-2024-21894/
https://securityaffairs.com/161544/security/ivanti-16500-vulnerable-istances.html
https://securityaffairs.com/161465/security/ivanti-code-execution-dos-flaws.html