CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11773
https://notcve.org/view.php?id=CVE-2024-11773
10 Dec 2024 — SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-11639-CVE-2024-11772-CVE-2024-11773 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11772
https://notcve.org/view.php?id=CVE-2024-11772
10 Dec 2024 — Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-11639-CVE-2024-11772-CVE-2024-11773 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11639
https://notcve.org/view.php?id=CVE-2024-11639
10 Dec 2024 — An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-11639-CVE-2024-11772-CVE-2024-11773 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9381
https://notcve.org/view.php?id=CVE-2024-9381
08 Oct 2024 — Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-Cloud-Services-Appliance-CVE-2024-9379-CVE-2024-9380-CVE-2024-9381 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.3EPSS: 4%CPEs: 1EXPL: 0CVE-2024-9380 – Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-9380
08 Oct 2024 — An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution. Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-Cloud-Services-Appliance-CVE-2024-9379-CVE-2024-9380-CVE-2024-9381 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9379 – Ivanti Cloud Services Appliance (CSA) SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-9379
08 Oct 2024 — SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. Ivanti Cloud Services Appliance (CSA) contains a SQL injection vulnerability in the admin web console in versions prior to 5.0.2, which can allow a remote attacker authenticated as administrator to run arbitrary SQL statements. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-Cloud-Services-Appliance-CVE-2024-9379-CVE-2024-9380-CVE-2024-9381 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.4EPSS: 96%CPEs: 1EXPL: 1CVE-2024-8963 – Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2024-8963
19 Sep 2024 — Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality. Ivanti Cloud Services Appliance (CSA) contains a path traversal vulnerability that could allow a remote, unauthenticated attacker to access restricted functionality. If CVE-2024-8963 is used in conjunction with CVE-2024-8190, an attacker could bypass admin authentication and execute arbitrary commands on the appliance. • https://github.com/patfire94/CVE-2024-8963 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.3EPSS: 11%CPEs: 2EXPL: 1CVE-2024-8190 – Ivanti Cloud Services Appliance OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-8190
10 Sep 2024 — An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability. Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS. • https://github.com/horizon3ai/CVE-2024-8190 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 97%CPEs: 2EXPL: 7CVE-2021-44529 – Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability
https://notcve.org/view.php?id=CVE-2021-44529
08 Dec 2021 — A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody). Una vulnerabilidad de inyección de código en Ivanti EPM Cloud Services Appliance (CSA) permite a un usuario no autenticado ejecutar código arbitrario con permisos limitados (nobody) Ivanti Endpoint Manager CSA versions 4.5 and 4.6 suffer from an unauthenticated remote code execution vulnerability. Ivanti Endpoint Manager Cloud Service App... • https://packetstorm.news/files/id/170590 • CWE-94: Improper Control of Generation of Code ('Code Injection') •