Vulnerabilities > Ivanti > Endpoint Manager Cloud Services Appliance

DATE CVE VULNERABILITY TITLE RISK
2024-10-08 CVE-2024-9379 SQL Injection vulnerability in Ivanti Endpoint Manager Cloud Services Appliance 4.5/4.6
SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.
network
low complexity
ivanti CWE-89
7.2
7.2
2024-10-08 CVE-2024-9380 OS Command Injection vulnerability in Ivanti Endpoint Manager Cloud Services Appliance 4.5/4.6
An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution.
network
low complexity
ivanti CWE-78
7.2
7.2
2024-10-08 CVE-2024-9381 Path Traversal vulnerability in Ivanti Endpoint Manager Cloud Services Appliance 4.5/4.6
Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions.
network
low complexity
ivanti CWE-22
7.2
7.2
2024-09-19 CVE-2024-8963 Path Traversal vulnerability in Ivanti Endpoint Manager Cloud Services Appliance 4.6
Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.
network
low complexity
ivanti CWE-22
critical
 9.1
9.1
2021-12-08 CVE-2021-44529 Code Injection vulnerability in Ivanti Endpoint Manager Cloud Services Appliance 4.5/4.6
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).
network
low complexity
ivanti CWE-94
critical
 9.8
9.8