Vulnerabilities > Ivanti > Cloud Services Appliance > High

DATE CVE VULNERABILITY TITLE RISK
2025-02-11 CVE-2024-47908 OS Command Injection vulnerability in Ivanti Cloud Services Appliance
OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
network
low complexity
ivanti CWE-78
7.2
7.2
2024-12-10 CVE-2024-11772 Command Injection vulnerability in Ivanti Cloud Services Appliance 4.5/4.6/5.0
Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
network
low complexity
ivanti CWE-77
7.2
7.2
2024-12-10 CVE-2024-11773 SQL Injection vulnerability in Ivanti Cloud Services Appliance 4.5/4.6/5.0
SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.
network
low complexity
ivanti CWE-89
7.2
7.2
2024-09-10 CVE-2024-8190 OS Command Injection vulnerability in Ivanti Cloud Services Appliance 4.6
An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution.
network
low complexity
ivanti CWE-78
7.2
7.2