VYPR

CSA

by Ivanti

CVEs (9)

  • CVE-2024-8963CriKEVSep 19, 2024
    risk 0.81cvss 9.4epss 0.99

    Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.

  • CVE-2024-11639CriDec 10, 2024
    risk 0.65cvss 10.0epss 0.05

    An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access

  • CVE-2024-9380HigKEVOct 8, 2024
    risk 0.64cvss 7.2epss 0.63

    An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution.

  • CVE-2024-47908CriFeb 11, 2025
    risk 0.61cvss 9.1epss 0.21

    OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2024-11773CriDec 10, 2024
    risk 0.61cvss 9.1epss 0.24

    SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.

  • CVE-2024-11772CriDec 10, 2024
    risk 0.60cvss 9.1epss 0.08

    Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2024-9379MedKEVOct 8, 2024
    risk 0.58cvss 6.5epss 0.43

    SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.

  • CVE-2024-9381HigOct 8, 2024
    risk 0.48cvss 7.2epss 0.16

    Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions.

  • CVE-2024-11771MedFeb 11, 2025
    risk 0.35cvss 5.3epss 0.01

    Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality.