Ivanti Endpoint Manager Cloud Services Appliance vulnerabilities
5 known vulnerabilities affecting ivanti/endpoint_manager_cloud_services_appliance.
Total CVEs: 5
CISA KEV: 4 (actively exploited)
Public exploits: 2
Exploited in wild: 5
Severity breakdown: CRITICAL 2, HIGH 3
Vulnerabilities
CVE-2024-8963 | P1 | CRITICAL | CVSS 9.1 | KEV | PoC | v4.6 | 2024-09-19
CWE-22: Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.
Source: nvd
CVE-2021-44529 | P1 | CRITICAL | CVSS 9.8 | KEV | PoC | Ransomware | ≤ 4.5 | v4.6 | 2021-12-08
CWE-94: A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).
Source: nvd
CVE-2024-9380 | P1 | HIGH | CVSS 7.2 | KEV | fixed in 5.0.2 | 2024-10-08
CWE-77: An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution.
Source: nvd
CVE-2024-9379 | P1 | HIGH | CVSS 7.2 | KEV | fixed in 5.0.2 | 2024-10-08
CWE-89: SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.
Source: nvd
CVE-2024-9381 | P2 | HIGH | CVSS 7.2 | Exploited | fixed in 5.0.2 | 2024-10-08
CWE-22: Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions.
Source: nvd