Ivanti Cloud_services_appliance

7 CVEs affecting Ivanti Cloud_services_appliance. Latest disclosed: 2025-05-13. Critical: 4, High: 2.

Top CVEs affecting Ivanti Cloud_services_appliance
CVESeverityScorePublishedSummary
CVE-2024-11639Critical10.02024-12-10An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access
CVE-2024-47908Critical9.12025-02-11OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote…
CVE-2024-11773Critical9.12024-12-10SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL sta…
CVE-2024-11772Critical9.12024-12-10Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote co…
CVE-2025-22460High7.82025-05-13Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges.
CVE-2024-8190High7.22024-09-10An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain rem…
CVE-2024-11771Medium5.32025-02-11Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality.