📦

cloud_services_appliance

Vendor: ivanti

Login to add this product to WatchStack
Actively Exploited 1 CISA KEV List
PoC / Exploits 1 Code Available
Total RCEs 3 Remote Access
Total CVEs 10 Total Indexed
Avg. EPSS 22.31% Exploit Prob.
Latest CVE CVE-2025-22460 May 13

Security Vulnerability Index

Page 1 / 1
7.8 CVSS
CVE-2025-22460

Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges.

EPSS: 0.18%
9.1 CVSS
CVE-2024-47908
RCE

OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

EPSS: 42.11%
5.3 CVSS
CVE-2024-11771

Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality.

EPSS: 1.50%
9.1 CVSS
CVE-2024-11773

SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.

EPSS: 2.59%
9.1 CVSS
CVE-2024-11772
RCE

Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

EPSS: 9.78%
10.0 CVSS
CVE-2024-11639

An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access

EPSS: 8.13%
Critical Target
7.2 CVSS
CVE-2024-8190
RCE Exploit Found

An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.

EPSS: 91.91%