CVE-2025-22460
- EPSS 0.11%
- Published 13.05.2025 15:15:54
- Last modified 16.07.2025 18:37:52
Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges.
CVE-2024-47908
- EPSS 11.31%
- Published 11.02.2025 16:15:40
- Last modified 20.02.2025 15:57:06
OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-11771
- EPSS 2%
- Published 11.02.2025 16:15:38
- Last modified 14.07.2025 17:27:59
Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality.
CVE-2024-11639
- EPSS 34.29%
- Published 10.12.2024 19:15:19
- Last modified 17.01.2025 19:40:09
An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access
CVE-2024-11772
- EPSS 13.66%
- Published 10.12.2024 19:15:19
- Last modified 17.01.2025 19:40:52
Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-11773
- EPSS 1.58%
- Published 10.12.2024 19:15:19
- Last modified 17.01.2025 19:41:50
SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.
CVE-2024-8190
- EPSS 92.67%
- Published 10.09.2024 21:15:14
- Last modified 26.11.2024 19:55:46
An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerabi...