Security News > 2024 > September > Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks
2024-09-20 04:18
Ivanti has revealed that a critical security flaw impacting Cloud Service Appliance (CSA) has come under active exploitation in the wild. The new vulnerability, assigned the CVE identifier CVE-2024-8963, carries a CVSS score of 9.4 out of a maximum of 10.0. It was "incidentally addressed" by the company as part of CSA 4.6 Patch 519 and CSA 5.0. "Path Traversal in the Ivanti CSA before 4.6 Patch
News URL
https://thehackernews.com/2024/09/critical-ivanti-cloud-appliance.html
Related news
- Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution (source)
- Swiss critical sector faces new 24-hour cyberattack reporting rule (source)
- Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches (source)
- CISA tags critical Ivanti EPM flaws as actively exploited in attacks (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking (source)
- IBM scores perfect 10 ... vulnerability in mission-critical OS AIX (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist (source)
- Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-19 | CVE-2024-8963 | Path Traversal vulnerability in Ivanti Endpoint Manager Cloud Services Appliance 4.6 Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality. | 9.1 |