Lucene search

K
IvantiEndpoint Manager Cloud Services Appliance*

6 matches found

CVE
CVE
added 2024/10/08 5:15 p.m.261 views

CVE-2024-9380

An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution.

7.2CVSS7.2AI score0.84886EPSS
In wild
CVE
CVE
added 2024/09/10 9:15 p.m.224 views

CVE-2024-8190

An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.

7.2CVSS7.7AI score0.92389EPSS
In wildWeb
CVE
CVE
added 2024/09/19 6:15 p.m.223 views

CVE-2024-8963

Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.

9.4CVSS7.2AI score0.94372EPSS
In wild
CVE
CVE
added 2024/10/08 5:15 p.m.220 views

CVE-2024-9379

SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.

7.2CVSS6.8AI score0.84886EPSS
In wild
CVE
CVE
added 2021/12/08 10:15 p.m.189 views

CVE-2021-44529

A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).

9.8CVSS9.6AI score0.94461EPSS
In wildWeb
CVE
CVE
added 2024/10/08 5:15 p.m.186 views

CVE-2024-9381

Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions.

7.2CVSS6.7AI score0.84886EPSS
In wild