Cloud Services Application
by Ivanti
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-8963 | | | 0.20 | — | 0.94 | KEV | Sep 19, 2024 | Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality. |
| CVE-2024-9380 | | | 0.19 | — | 0.87 | KEV | Oct 8, 2024 | An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution. |
| CVE-2024-8190 | | | 0.19 | — | 0.92 | KEV | Sep 10, 2024 | An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability. |
| CVE-2024-9379 | | | 0.18 | — | 0.79 | KEV | Oct 8, 2024 | SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. |
| CVE-2024-47908 | | | 0.04 | — | 0.44 | | Feb 11, 2025 | OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution. |
| CVE-2024-11772 | | | 0.01 | — | 0.10 | | Dec 10, 2024 | Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution. |
| CVE-2024-11639 | | | 0.01 | — | 0.08 | | Dec 10, 2024 | An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access |
| CVE-2025-22460 | | | 0.00 | — | 0.00 | | May 13, 2025 | Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges. |
| CVE-2024-11771 | | | 0.00 | — | 0.02 | | Feb 11, 2025 | Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality. |
| CVE-2024-11773 | | | 0.00 | — | 0.03 | | Dec 10, 2024 | SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. |
| CVE-2024-9381 | | | 0.00 | — | 0.01 | | Oct 8, 2024 | Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions. |