Known Vulnerabilities
CVE-2024-11773
SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.
CRITICAL
CVSS 9.1
Published Dec 10, 2024
CVE-2024-11772
Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CRITICAL
CVSS 9.1
Published Dec 10, 2024
CVE-2024-11639
An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access
CRITICAL
CVSS 10.0
Published Dec 10, 2024