CVE-2024-9379
Ivanti Cloud Services Appliance (CSA) SQL Injection Vulnerability
CVSS
—
No CVSS
EPSS
43.4%
p99
KEV
YES
Oct 9, 2024
Exploit Today
80
0-100
Published: — · Last modified: —
Product
Ivanti / Cloud Services Appliance (CSA)
Vulnerability
Ivanti Cloud Services Appliance (CSA) SQL Injection Vulnerability
Added to KEV
Oct 9, 2024
Remediate by
Oct 30, 2024
Known ransomware use
No
Summary description
Ivanti Cloud Services Appliance (CSA) contains a SQL injection vulnerability in the admin web console in versions prior to 5.0.2, which can allow a remote attacker authenticated as administrator to run arbitrary SQL statements.
Required action
As Ivanti CSA 4.6.x has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line, or later, of supported solution.
Notes
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-Cloud-Services-Appliance-CVE-2024-9379-CVE-2024-9380-CVE-2024-9381 ; https://nvd.nist.gov/vuln/detail/CVE-2024-9379