Ivanti Cloud Services Appliance — known CVE vulnerabilities
Every CVE whose affected-product data names Ivanti Cloud Services Appliance, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2024-11639 — CVSS 10.0 (critical): An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain…
CVE-2024-11772 — CVSS 9.1 (critical): Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges…
CVE-2024-11773 — CVSS 9.1 (critical): SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to…
CVE-2024-47908 — CVSS 9.1 (critical): OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin…
CVE-2025-22460 — CVSS 7.8 (high): Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their…
CVE-2024-11771 — CVSS 5.3 (medium): Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality.