CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-9379

SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.838

EPSS Ranking 99.2%

CVSS Severity

CVSS v3 Score 6.5

Proposed Action

Ivanti Cloud Services Appliance (CSA) contains a SQL injection vulnerability in the admin web console in versions prior to 5.0.2, which can allow a remote attacker authenticated as administrator to run arbitrary SQL statements.

Ransomware Campaign

Unknown

References

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-Cloud-Services-Appliance-CVE-2024-9379-CVE-2024-9380-CVE-2024-9381

Products affected by CVE-2024-9379

Ivanti » Endpoint Manager Cloud Services Appliance » Version: 4.5

cpe:2.3:a:ivanti:endpoint_manager_cloud_services_appliance:4.5
Ivanti » Endpoint Manager Cloud Services Appliance » Version: 4.6

cpe:2.3:a:ivanti:endpoint_manager_cloud_services_appliance:4.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-9379

Products

Pricing

Contact Us