Unrated severityCISA KEVNVD Advisory· Published Dec 8, 2021· Updated Oct 21, 2025

CVE-2021-44529

Description

A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).

Affected products

Ivanti/EPM Cloud Services Appliancedescription

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/166383/Ivanti-Endpoint-Manager-CSA-4.5-4.6-Remote-Code-Execution.htmlmitre
packetstormsecurity.com/files/170590/Ivanti-Cloud-Services-Appliance-CSA-Command-Injection.htmlmitre
forums.ivanti.com/s/article/SA-2021-12-02mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.076
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.060