VYPR

Cloud Services Application

by Ivanti

CVEs (12)

  • CVE-2021-44529CriKEVDec 8, 2021
    risk 0.93cvss 9.8epss 0.99

    A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).

  • CVE-2024-8963CriKEVSep 19, 2024
    risk 0.81cvss 9.4epss 0.99

    Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.

  • CVE-2024-8190HigKEVSep 10, 2024
    risk 0.66cvss 7.2epss 0.89

    An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.

  • CVE-2024-11639CriDec 10, 2024
    risk 0.65cvss 10.0epss 0.05

    An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access

  • CVE-2024-9380HigKEVOct 8, 2024
    risk 0.64cvss 7.2epss 0.63

    An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution.

  • CVE-2024-47908CriFeb 11, 2025
    risk 0.61cvss 9.1epss 0.21

    OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2024-11773CriDec 10, 2024
    risk 0.61cvss 9.1epss 0.24

    SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.

  • CVE-2024-11772CriDec 10, 2024
    risk 0.60cvss 9.1epss 0.08

    Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2024-9379MedKEVOct 8, 2024
    risk 0.58cvss 6.5epss 0.43

    SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.

  • CVE-2025-22460HigMay 13, 2025
    risk 0.51cvss 7.8epss 0.00

    Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges.

  • CVE-2024-9381HigOct 8, 2024
    risk 0.48cvss 7.2epss 0.16

    Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions.

  • CVE-2024-11771MedFeb 11, 2025
    risk 0.35cvss 5.3epss 0.01

    Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality.