CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-44529

A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.945

EPSS Ranking 100.0%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

Proposed Action

Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) contains a code injection vulnerability that allows an unauthenticated user to execute malicious code with limited permissions (nobody).

Ransomware Campaign

Known

References

http://packetstormsecurity.com/files/166383/Ivanti-Endpoint-Manager-CSA-4.5-4.6-Remote-Code-Execution.html
http://packetstormsecurity.com/files/170590/Ivanti-Cloud-Services-Appliance-CSA-Command-Injection.html
https://forums.ivanti.com/s/article/SA-2021-12-02
http://packetstormsecurity.com/files/166383/Ivanti-Endpoint-Manager-CSA-4.5-4.6-Remote-Code-Execution.html
http://packetstormsecurity.com/files/170590/Ivanti-Cloud-Services-Appliance-CSA-Command-Injection.html
https://forums.ivanti.com/s/article/SA-2021-12-02

Products affected by CVE-2021-44529

Ivanti » Endpoint Manager Cloud Services Appliance » Version: 4.5

cpe:2.3:a:ivanti:endpoint_manager_cloud_services_appliance:4.5
Ivanti » Endpoint Manager Cloud Services Appliance » Version: 4.6

cpe:2.3:a:ivanti:endpoint_manager_cloud_services_appliance:4.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-44529

Products

Pricing

Contact Us