Lucene search

K
IvantiCloud Services Appliance

11 matches found

CVE
CVE
added 2024/10/08 5:15 p.m.231 views

CVE-2024-9380

An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution.

7.2CVSS7.2AI score0.83805EPSS
CVE
CVE
added 2024/09/19 6:15 p.m.220 views

CVE-2024-8963

Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.

9.4CVSS7.2AI score0.94296EPSS
CVE
CVE
added 2024/09/10 9:15 p.m.193 views

CVE-2024-8190

An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.

7.2CVSS7.7AI score0.93046EPSS
CVE
CVE
added 2024/10/08 5:15 p.m.189 views

CVE-2024-9379

SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.

7.2CVSS6.8AI score0.83794EPSS
CVE
CVE
added 2024/10/08 5:15 p.m.156 views

CVE-2024-9381

Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions.

7.2CVSS6.7AI score0.09324EPSS
CVE
CVE
added 2024/12/10 7:15 p.m.63 views

CVE-2024-11639

An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access

10CVSS9.8AI score0.3214EPSS
CVE
CVE
added 2025/02/11 4:15 p.m.55 views

CVE-2024-47908

OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.5AI score0.07263EPSS
CVE
CVE
added 2024/12/10 7:15 p.m.48 views

CVE-2024-11773

SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.

9.1CVSS9.2AI score0.01285EPSS
CVE
CVE
added 2024/12/10 7:15 p.m.43 views

CVE-2024-11772

Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.4AI score0.10467EPSS
CVE
CVE
added 2025/02/11 4:15 p.m.36 views

CVE-2024-11771

Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality.

5.3CVSS5.3AI score0.0145EPSS
CVE
CVE
added 2025/05/13 3:15 p.m.35 views

CVE-2025-22460

Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges.

7.8CVSS7AI score0.00066EPSS