cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-11771,https://securityvulnerability.io/vulnerability/CVE-2024-11771,Path Traversal Vulnerability in Ivanti Cloud Services Application,"A path traversal vulnerability in the Ivanti Cloud Services Application allows remote unauthenticated attackers to exploit the application, potentially granting them access to restricted functionality. The flaw exists in versions before 5.0.5, making it crucial for users to upgrade to the latest version to mitigate any associated risks.",Ivanti,Cloud Services Application,5.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,false,,2025-02-11T15:19:11.855Z,0
CVE-2024-47908,https://securityvulnerability.io/vulnerability/CVE-2024-47908,OS Command Injection in Ivanti Cloud Services Application,"The Ivanti Cloud Services Application (CSA) prior to version 5.0.5 is susceptible to an OS command injection vulnerability in its admin web console. This flaw allows a remote authenticated attacker with administrative privileges to execute arbitrary code on the server, posing significant security risks for systems utilizing this application. Organizations using affected versions are strongly advised to update to the latest version to mitigate potential exploitation.",Ivanti,Cloud Services Application,7.2,HIGH,0.0005200000014156103,false,,false,false,false,,false,false,false,,2025-02-11T15:18:49.425Z,172
CVE-2024-11773,https://securityvulnerability.io/vulnerability/CVE-2024-11773,Advanced SQL Injection Vulnerability in Ivanti CSA,"A vulnerability exists in the admin web console of the Ivanti Cloud Services Application prior to version 5.0.3, wherein remote authenticated attackers with admin privileges can exploit an SQL injection flaw. This weakness allows attackers to execute arbitrary SQL statements against the underlying database, potentially compromising data integrity and security. Ensuring timely updates and implementing strict access controls are essential measures to mitigate risks associated with this vulnerability.",Ivanti,Cloud Services Application,7.2,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-12-10T18:56:08.742Z,0
CVE-2024-11772,https://securityvulnerability.io/vulnerability/CVE-2024-11772,Remote Code Execution Vulnerability in Ivanti CSA Before Version 5.0.3,"A command injection vulnerability exists in the admin web console of Ivanti Cloud Services Application prior to version 5.0.3. This issue enables a remote authenticated attacker, who possesses administrative privileges, to execute arbitrary code on affected systems. As a result, attackers could exploit this vulnerability to gain unauthorized access or control over sensitive data and processes, potentially leading to severe security breaches.",Ivanti,Cloud Services Application,7.2,HIGH,0.0006300000241026282,false,,true,false,false,,,false,false,,2024-12-10T18:55:44.312Z,0
CVE-2024-11639,https://securityvulnerability.io/vulnerability/CVE-2024-11639,Admin Web Console Vulnerability Allows Remote Administrative Access,"An identified vulnerability in Ivanti Cloud Services Application (CSA) pertains to an authentication bypass flaw in the admin web console. This issue allows remote attackers, who do not have authentication credentials, to gain administrative access to the system. The vulnerability affects versions of Ivanti CSA prior to 5.0.3, posing a significant security risk as it enables potential unauthorized operations and control over the affected application. Organizations using vulnerable versions should prioritize updating their systems to mitigate this exploit, as the flaw can seriously compromise the integrity of their applications and data.",Ivanti,Cloud Services Application,9.8,CRITICAL,0.000910000002477318,false,,true,false,false,,,false,false,,2024-12-10T18:54:43.368Z,0