Ivanti: >> Endpoint Manager Cloud Services Appliance >> 4.5 Security Vulnerabilities
Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions.
CVSS Score
7.2
EPSS Score
0.098
Published
2024-10-08
CVE-2024-9379
SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.
Known exploited
CVSS Score
6.5
EPSS Score
0.838
Published
2024-10-08
CVE-2024-9380
An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution.
Known exploited
CVSS Score
7.2
EPSS Score
0.849
Published
2024-10-08
CVE-2021-44529
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).
Known exploited
CVSS Score
9.8
EPSS Score
0.945
Published
2021-12-08