Vulnerabilities > Ivanti > Endpoint Manager Cloud Services Appliance > High

DATE	CVE	VULNERABILITY TITLE	RISK
2024-10-08	CVE-2024-9379	SQL Injection vulnerability in Ivanti Endpoint Manager Cloud Services Appliance 4.5/4.6 SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. network low complexity ivanti CWE-89	7.2
2024-10-08	CVE-2024-9380	OS Command Injection vulnerability in Ivanti Endpoint Manager Cloud Services Appliance 4.5/4.6 An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution. network low complexity ivanti CWE-78	7.2
2024-10-08	CVE-2024-9381	Path Traversal vulnerability in Ivanti Endpoint Manager Cloud Services Appliance 4.5/4.6 Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions. network low complexity ivanti CWE-22	7.2

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.