Ivanti Cloud Services Appliance vulnerabilities
7 known vulnerabilities affecting ivanti/cloud_services_appliance.
Total CVEs
7
CISA KEV
1
actively exploited
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL1HIGH5MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2024-8190P1HIGHCVSS 7.2KEVPoCv4.62024-09-10
CVE-2024-8190 [HIGH] CWE-78 CVE-2024-8190: An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and
An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.
nvd
CVE-2024-11639P2CRITICALCVSS 9.8fixed in 5.0.32024-12-10
CVE-2024-11639 [CRITICAL] CWE-288 CVE-2024-11639: An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthe
An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access
nvd
CVE-2024-47908P2HIGHCVSS 7.2fixed in 5.0.52025-02-11
CVE-2024-47908 [HIGH] CWE-78 CVE-2024-47908: OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote aut
OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
nvd
CVE-2024-11773P3HIGHCVSS 7.2fixed in 5.0.32024-12-10
CVE-2024-11773 [HIGH] CWE-89 CVE-2024-11773: SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authentica
SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.
nvd
CVE-2024-11772P3HIGHCVSS 7.2fixed in 5.0.32024-12-10
CVE-2024-11772 [HIGH] CWE-77 CVE-2024-11772: Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authen
Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
nvd
CVE-2025-22460P3HIGHCVSS 7.8fixed in 5.0.52025-05-13
CVE-2025-22460 [HIGH] CWE-1392 CVE-2025-22460: Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authent
Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges.
nvd
CVE-2024-11771P3MEDIUMCVSS 5.3fixed in 5.0.52025-02-11
CVE-2024-11771 [MEDIUM] CWE-22 CVE-2024-11771: Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access
Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality.
nvd