Ivanti Csa (Cloud Services Appliance)
6 CVEs affecting Ivanti Csa (Cloud Services Appliance). Latest disclosed: 2025-05-13. Critical: 1, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-8963 | Critical | 9.4 | 2024-09-19 | Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality. |
CVE-2025-22460 | High | 7.8 | 2025-05-13 | Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges. |
CVE-2024-9381 | High | 7.2 | 2024-10-08 | Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions. |
CVE-2024-9380 | High | 7.2 | 2024-10-08 | An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges… |
CVE-2024-8190 | High | 7.2 | 2024-09-10 | An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain rem… |
CVE-2024-9379 | Medium | 6.5 | 2024-10-08 | SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL sta… |