cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-9381,https://securityvulnerability.io/vulnerability/CVE-2024-9381,Remote Access Bypass Vulnerability in Ivanti CSA Before v5.0.2,"A path traversal vulnerability exists in Ivanti's Cloud Services Appliance (CSA) prior to version 5.0.2 that allows remote authenticated attackers with admin privileges to bypass established restrictions. This flaw can be exploited to gain unauthorized access to secure files or directories, potentially leading to further system compromises. Administrators are advised to review access controls and apply updates promptly to mitigate potential risks associated with this vulnerability.",Ivanti,Csa (cloud Services Appliance),7.2,HIGH,0.0004900000058114529,false,false,false,false,,false,false,2024-10-08T16:25:27.092Z,0
CVE-2024-9380,https://securityvulnerability.io/vulnerability/CVE-2024-9380,Remote Code Execution Vulnerability in Ivanti CSA Admin Web Console,"An OS command injection vulnerability exists in the admin web console of Ivanti Cloud Services Appliance prior to version 5.0.2. This flaw allows a remote authenticated attacker with administrative privileges to execute arbitrary commands on the server, potentially leading to significant security breaches and unauthorized access to system resources.",Ivanti,Csa (cloud Services Appliance),7.2,HIGH,0.0427200011909008,true,true,false,true,,false,false,2024-10-08T16:23:49.949Z,0
CVE-2024-9379,https://securityvulnerability.io/vulnerability/CVE-2024-9379,Remote SQL Injection Vulnerability in Ivanti CSA Before Version 5.0.2,"An SQL injection vulnerability exists in the admin web console of Ivanti's Cloud Services Appliance prior to version 5.0.2. This flaw allows a remote attacker with admin privileges to execute arbitrary SQL statements, posing significant security risks to the application and its underlying data. Immediate updates and security assessments are advised for users operating affected versions to mitigate potential intrusions and data breaches.",Ivanti,Csa (cloud Services Appliance),7.2,HIGH,0.006060000043362379,true,true,false,true,,false,false,2024-10-08T16:23:13.310Z,0
CVE-2024-8963,https://securityvulnerability.io/vulnerability/CVE-2024-8963,Unrestricted Access: Path Traversal Vulnerability in Ivanti CSA,"CVE-2024-8963 is a critical path traversal vulnerability in Ivanti CSA that allows a remote unauthenticated attacker to access restricted functionality. This issue affects Ivanti CSA version 4.6 before Patch 519 and can be chained with a separate command injection flaw to execute commands with admin privileges. Ivanti has released a fix for this vulnerability and has issued an advisory urging customers to apply the patch as soon as possible. The US Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerability (KEV) catalog, and they are instructing federal agencies to address it by October 10. There is an unspecified number of known exploits but no information on known exploitation by ransomware groups. This vulnerability is part of a larger trend of path traversal flaws affecting IT vendors and underscores the critical need for secure-by-design development practices in the software industry.",Ivanti,Csa (cloud Services Appliance),9.1,CRITICAL,0.967989981174469,true,true,true,true,,false,false,2024-09-19T17:14:49.386Z,0
CVE-2024-8190,https://securityvulnerability.io/vulnerability/CVE-2024-8190,Remote Code Execution Vulnerability in Ivanti Cloud Services Appliance,"An OS command injection vulnerability exists in the Ivanti Cloud Services Appliance, specifically in versions 4.6 Patch 518 and earlier. This issue allows remote authenticated attackers, with admin level privileges, to execute arbitrary commands on the server. Successful exploitation enables attackers to control the appliance and potentially compromise sensitive data. It is crucial for organizations using affected versions to apply the latest patches and implement proper access controls to mitigate this security risk.",Ivanti,Csa (cloud Services Appliance),7.2,HIGH,0.11331000179052353,true,true,false,true,true,true,false,2024-09-10T21:15:00.000Z,4328