Ivanti Cloud Services Appliance - Path Traversal

Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality. id: CVE-2024-8963 info: name: Ivanti Cloud Services Appliance - Path Traversal author: johnk3r severity: critical description: | Path Traversal in the Ivanti CSA befo...

EUVD-2025-14969

Malicious code in bioql PyPI...

The vulnerability of the Ivanti Cloud Services Application’s network component, related to the use of default credentials, allows a hacker to escalate their privileges.

The vulnerability of the Ivanti Cloud Services Application’s network component is related to the use of default credentials. Exploiting this vulnerability could allow an attacker to gain increased privileges...

Ivanti Cloud Services Application Elevation of Privilege Vulnerability

The Ivanti Cloud Services Application CSA is a locally deployed virtual appliance designed to simplify and enhance the integration of Ivanti products with cloud services. An elevation of privilege vulnerability exists in Ivanti Cloud Services Application, which is derived from default credentials...

CVE-2025-22460

Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges...

CVE-2025-22460

Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges...

CVE-2025-22460

Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges...

CVE-2025-22460

Ivanti Cloud Services Application (CSA) is affected by CVE-2025-22460 due to default credentials in versions prior to 5.0.5. The vulnerability enables a local, authenticated attacker to escalate privileges (local privilege escalation) with high impact. The CVSS vector indicates LOCAL attack, low ...

CVE-2025-22460

Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges...

CVE-2025-22460

Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges...

Security Advisory Ivanti Cloud Services Application (CVE-2025-22460)

Summary: Ivanti has released updates for Ivanti Cloud Services Application which addresses one high severity vulnerability. Successful exploitation could lead to local privilege escalation. We are not aware of any customers being exploited by this vulnerability at the time of disclosure...

Ivanti Cloud Services Application 安全漏洞

The Ivanti Cloud Services Application CSA is a locally deployed virtual appliance designed to simplify and enhance the integration of Ivanti products with cloud services. An elevation of privilege vulnerability exists in Ivanti Cloud Services Application, which is derived from default credentials...

PT-2025-20907 · Ivanti · Ivanti Cloud Services Application

Name of the Vulnerable Software and Affected Versions: Ivanti Cloud Services Application versions prior to 5.0.5 Description: The issue concerns default credentials in the Ivanti Cloud Services Application, allowing a local authenticated attacker to escalate their privileges. Recommendations: For...

The vulnerability in the web console of the network device Ivanti Cloud Services Application allows a hacker to execute arbitrary code.

The vulnerability of the web console of the network device Ivanti Cloud Services Application exists due to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

Exploit for OS Command Injection in Ivanti Cloud_Services_Appliance

CVE-2024-8190 unauthenticated Description Combining CVE-...

Security Advisory Ivanti Cloud Services Application (CSA) (CVE-2024-47908, CVE-2024-11771)

Summary Ivanti has released updates for Ivanti Cloud Services Application CSA which addresses critical and medium severity vulnerabilities. Successful exploitation of CVE-2024-47908 could allow a remote authenticated attacker to achieve remote code execution and CVE-2024-11771 could allow a remot...

CISA and FBI Release Advisory on How Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications

CISA, in partnership with the Federal Bureau of Investigation FBI, released Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications. This advisory was crafted in response to exploitation of vulnerabilities—CVE-2024-8963, an administrative bypass vulnerability; CVE-2024-9379, a...

The vulnerability of the web console of the automation process management tool for IT services, Ivanti Cloud Services Appliance, allows a perpetrator to execute arbitrary code.

The vulnerability of the web console of the Ivanti Cloud Services Appliance, which is used for automating IT service management processes, stems from the lack of data cleansing measures at the management level. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...

The vulnerability of the web console for network-based automation of IT service management solutions from Ivanti Cloud Services Appliance allows a hacker to gain administrative access.

The vulnerability of the web console of the Ivanti Cloud Services Appliance, which is used for automating IT service management processes, relates to bypassing the authentication process by using an alternative path or channel. Exploiting this vulnerability can allow a malicious actor, operating...

Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities

Ivanti has released security updates to address multiple critical flaws in its Cloud Services Application CSA and Connect Secure products that could lead to privilege escalation and code execution. The list of vulnerabilities is as follows - CVE-2024-11639 CVSS score: 10.0 - An authentication...