{"cve_id":"CVE-2021-44529","summary":"A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.94461,"ranking_epss":0.99995,"kev":true,"propose_action":"Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) contains a code injection vulnerability that allows an unauthenticated user to execute malicious code with limited permissions (nobody).","ransomware_campaign":"Known","references":["http://packetstormsecurity.com/files/166383/Ivanti-Endpoint-Manager-CSA-4.5-4.6-Remote-Code-Execution.html","http://packetstormsecurity.com/files/170590/Ivanti-Cloud-Services-Appliance-CSA-Command-Injection.html","https://forums.ivanti.com/s/article/SA-2021-12-02","http://packetstormsecurity.com/files/166383/Ivanti-Endpoint-Manager-CSA-4.5-4.6-Remote-Code-Execution.html","http://packetstormsecurity.com/files/170590/Ivanti-Cloud-Services-Appliance-CSA-Command-Injection.html","https://forums.ivanti.com/s/article/SA-2021-12-02","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44529"],"published_time":"2021-12-08T22:15:10","cpes":["cpe:2.3:a:ivanti:endpoint_manager_cloud_services_appliance:4.5","cpe:2.3:a:ivanti:endpoint_manager_cloud_services_appliance:4.6"]}