Blog Security Research Scanning Activity for CVE-2024-22024 (XXE) Vulnerability in Ivanti Sam Tinklenberg is a Senior Security Researcher in the Apps & APIs Threat Research Group at Akamai. Sam comes from a background in web application penetration testing and is passionate about finding and protecting against critical vulnerabilities. While he isn’t breaking web apps, Sam enjoys video and board games, being outside, and spending time with friends and family. Noam Atias is a Security Researcher in the Apps & APIs Threat Research Group at Akamai. Introduction Over the last few weeks, Ivanti has disclosed numerous critical CVEs. The most recent — CVE-2024-22024 — is no different. Although it does not have as high a CVSS score as previous vulnerabilities, CVE-2024-22024 will still likely be a prime target for attackers. \r\n On February 8, 2024, Ivanti published an advisory for CVE-2024-22024. Ivanti originally reported that this flaw was discovered during internal testing.…