CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-8963

Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.943

EPSS Ranking 99.9%

CVSS Severity

CVSS v3 Score 9.4

Proposed Action

Ivanti Cloud Services Appliance (CSA) contains a path traversal vulnerability that could allow a remote, unauthenticated attacker to access restricted functionality. If CVE-2024-8963 is used in conjunction with CVE-2024-8190, an attacker could bypass admin authentication and execute arbitrary commands on the appliance.

Ransomware Campaign

Unknown

References

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-4-6-Cloud-Services-Appliance-CVE-2024-8963

Products affected by CVE-2024-8963

Ivanti » Endpoint Manager Cloud Services Appliance » Version: 4.6

cpe:2.3:a:ivanti:endpoint_manager_cloud_services_appliance:4.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-8963

Products

Pricing

Contact Us