📦

endpoint_manager_cloud_services_appliance

Vendor: ivanti

Actively Exploited 4 CISA KEV List

PoC / Exploits 2 Code Available

Total RCEs 2 Remote Access

Total CVEs 5 Total Indexed

Avg. EPSS 71.23% Exploit Prob.

Latest CVE CVE-2024-9381 Oct 08

Security Vulnerability Index

Page 1 / 1

7.2 CVSS

CVE-2024-9381

Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions.

EPSS: 1.32%

Severity: HIGH

Oct 08, 2024

7.2 CVSS

CVE-2024-9380

RCE

An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution.

EPSS: 86.91%

Severity: HIGH

Oct 08, 2024

6.5 CVSS

CVE-2024-9379

SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.

EPSS: 79.26%

Severity: MEDIUM

Oct 08, 2024

Critical Target

9.4 CVSS

CVE-2024-8963

Exploit Found

Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.

EPSS: 94.23%

Severity: CRITICAL

Sep 19, 2024

Critical Target

9.8 CVSS

CVE-2021-44529

RCE Exploit Found

A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).

EPSS: 94.46%

Severity: CRITICAL

Dec 08, 2021

Displaying 5 of 5 Total Entries

Total 1 Sections