Ivanti: >> Endpoint Manager Cloud Services Appliance Security Vulnerabilities
Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions.
CVSS Score
7.2
EPSS Score
0.093
Published
2024-10-08
CVE-2024-9379
SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.
Known exploited
CVSS Score
6.5
EPSS Score
0.838
Published
2024-10-08
CVE-2024-9380
An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution.
Known exploited
CVSS Score
7.2
EPSS Score
0.83
Published
2024-10-08
CVE-2024-8963
Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.
Known exploited
CVSS Score
9.4
EPSS Score
0.943
Published
2024-09-19
CVE-2021-44529
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).
Known exploited
CVSS Score
9.8
EPSS Score
0.945
Published
2021-12-08