Ivanti Cloud_services_appliance
7 CVEs affecting Ivanti Cloud_services_appliance. Latest disclosed: 2025-05-13. Critical: 4, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-11639 | Critical | 10.0 | 2024-12-10 | An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access |
CVE-2024-47908 | Critical | 9.1 | 2025-02-11 | OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote… |
CVE-2024-11773 | Critical | 9.1 | 2024-12-10 | SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL sta… |
CVE-2024-11772 | Critical | 9.1 | 2024-12-10 | Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote co… |
CVE-2025-22460 | High | 7.8 | 2025-05-13 | Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges. |
CVE-2024-8190 | High | 7.2 | 2024-09-10 | An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain rem… |
CVE-2024-11771 | Medium | 5.3 | 2025-02-11 | Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality. |