Ivanti: >> Cloud Services Appliance >> 4.5 Security Vulnerabilities
Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges.
CVSS Score
7.8
EPSS Score
0.001
Published
2025-05-13
OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVSS Score
9.1
EPSS Score
0.129
Published
2025-02-11
Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality.
CVSS Score
5.3
EPSS Score
0.018
Published
2025-02-11
An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access
CVSS Score
10.0
EPSS Score
0.343
Published
2024-12-10
Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVSS Score
9.1
EPSS Score
0.137
Published
2024-12-10
SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.
CVSS Score
9.1
EPSS Score
0.016
Published
2024-12-10