Cloud Services Application
by Ivanti
CVEs (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-44529 | Cri | 0.93 | 9.8 | 0.99 | KEV | Dec 8, 2021 | A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody). | |
| CVE-2024-8963 | Cri | 0.81 | 9.4 | 0.99 | KEV | Sep 19, 2024 | Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality. | |
| CVE-2024-8190 | Hig | 0.66 | 7.2 | 0.89 | KEV | Sep 10, 2024 | An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability. | |
| CVE-2024-11639 | Cri | 0.65 | 10.0 | 0.05 | Dec 10, 2024 | An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access | ||
| CVE-2024-9380 | Hig | 0.64 | 7.2 | 0.63 | KEV | Oct 8, 2024 | An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution. | |
| CVE-2024-47908 | Cri | 0.61 | 9.1 | 0.21 | Feb 11, 2025 | OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||
| CVE-2024-11773 | Cri | 0.61 | 9.1 | 0.24 | Dec 10, 2024 | SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. | ||
| CVE-2024-11772 | Cri | 0.60 | 9.1 | 0.08 | Dec 10, 2024 | Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||
| CVE-2024-9379 | Med | 0.58 | 6.5 | 0.43 | KEV | Oct 8, 2024 | SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. | |
| CVE-2025-22460 | Hig | 0.51 | 7.8 | 0.00 | May 13, 2025 | Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges. | ||
| CVE-2024-9381 | Hig | 0.48 | 7.2 | 0.16 | Oct 8, 2024 | Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions. | ||
| CVE-2024-11771 | Med | 0.35 | 5.3 | 0.01 | Feb 11, 2025 | Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality. |
- risk 0.93cvss 9.8epss 0.99
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).
- risk 0.81cvss 9.4epss 0.99
Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.
- risk 0.66cvss 7.2epss 0.89
An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.
- risk 0.65cvss 10.0epss 0.05
An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access
- risk 0.64cvss 7.2epss 0.63
An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution.
- risk 0.61cvss 9.1epss 0.21
OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
- risk 0.61cvss 9.1epss 0.24
SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.
- risk 0.60cvss 9.1epss 0.08
Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
- risk 0.58cvss 6.5epss 0.43
SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.
- risk 0.51cvss 7.8epss 0.00
Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges.
- risk 0.48cvss 7.2epss 0.16
Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions.
- risk 0.35cvss 5.3epss 0.01
Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality.