Ivanti has issued security patches to resolve several vulnerabilities affecting Connect Secure (ICS), Policy Secure (IPS), and Cloud Services Application (CSA) that may be leveraged for arbitrary code execution.
The enumeration of weaknesses is as follows –

CVE-2024-38657 (CVSS rating: 9.1) – External manipulation of a file name in Ivanti Connect Secure prior to version 22.7R2.4 and Ivanti Policy