
Summary
CVE-2024-21893 is a critical Server-Side Request Forgery (SSRF) vulnerability in the SAML component of Ivanti Connect Secure. This vulnerability allows attackers to send HTTP GET requests targeting the '/api/v1/license/keys-status' endpoint, which is accessible on a local port (8090). A successful exploit can lead to command injection, where an attacker may execute arbitrary commands on the server. The rule specifically detects GET requests that include potential command injection patterns targeting this endpoint. By monitoring Web Application Firewall (WAF) logs, the rule aims to identify attempts at exploiting this vulnerability through anomalous values within the requests. This is vital for proactive threat detection and response to safeguard the application environment against such exploitation attempts.
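The matching logic described above, as an added sketch that is not the rule's own code. The log layout, the metacharacter set, and the sample lines are assumptions constructed for illustration; only the endpoint path and the GET-only scope come from the summary.

```python
import re
from urllib.parse import unquote

ENDPOINT = "/api/v1/license/keys-status"  # endpoint named in the rule summary
# Assumed indicator set: shell separators, pipes, backticks, newlines, substitutions.
SHELL_META = re.compile(r"[;|&`\r\n]|\$\(|\$\{")
# Assumed WAF log layout: client_ip "METHOD URI PROTOCOL" status
LOG_LINE = re.compile(r'^(?P<ip>\S+) "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})$')

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded metacharacters surface."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_suspicious(line):
    """True for a GET to the endpoint that carries shell metacharacters."""
    m = LOG_LINE.match(line.strip())
    if not m or m.group("method") != "GET":
        return False
    raw_path, _, raw_query = m.group("uri").partition("?")
    path = decode_fully(raw_path)
    pos = path.lower().find(ENDPOINT)
    if pos == -1:
        return False
    # Split the query on raw '&' first so ordinary parameter separators are
    # not mistaken for shell operators; an encoded '&' still shows up in a value.
    pieces = [path[pos + len(ENDPOINT):]]
    pieces += [decode_fully(p) for p in raw_query.split("&")]
    return any(SHELL_META.search(p) for p in pieces)

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 "GET /api/v1/license/keys-status HTTP/1.1" 200',
    '198.51.100.7 "GET /api/v1/license/keys-status?verbose=1&format=json HTTP/1.1" 200',
    '203.0.113.9 "GET /api/v1/license/keys-status/%3Bid%3B HTTP/1.1" 200',
    '203.0.113.9 "GET /api/v1/license/keys-status/%253Bid%253B HTTP/1.1" 200',
    '203.0.113.9 "POST /api/v1/license/keys-status/%3Bid HTTP/1.1" 405',
    '192.0.2.4 "GET /index.html?q=a%3Bb HTTP/1.1" 200',
]

def flag_lines(lines):
    """Return the indices of lines that match the detection logic."""
    return [i for i, line in enumerate(lines) if is_suspicious(line)]

if __name__ == "__main__":
    for i in flag_lines(SAMPLE_LOG):
        print("ALERT:", SAMPLE_LOG[i])
```

Decoding before matching matters here: a single-pass decode would miss the fourth sample line, where the separator is percent-encoded twice.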
Categories
- Web
- Application
Data Sources
- Web Credential
- Application Log
ATT&CK Techniques
- T1190
Created: 2024-02-09