CSA
by Ivanti
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-9379 | | | 0.18 | — | 0.79 | KEV | Oct 8, 2024 | SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. |
| CVE-2024-47908 | | | 0.04 | — | 0.44 | | Feb 11, 2025 | OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution. |
| CVE-2024-11772 | | | 0.01 | — | 0.10 | | Dec 10, 2024 | Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution. |
| CVE-2024-11639 | | | 0.01 | — | 0.08 | | Dec 10, 2024 | An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access. |
| CVE-2024-11771 | | | 0.00 | — | 0.02 | | Feb 11, 2025 | Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality. |
| CVE-2024-11773 | | | 0.00 | — | 0.03 | | Dec 10, 2024 | SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. |
| CVE-2024-9381 | | | 0.00 | — | 0.01 | | Oct 8, 2024 | Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions. |