216.73.217.22

CVE-2024-8963

· Published 19/09/2024 02:00 · Modified 21/12/2025 10:14 · Author: Cybersecurity and Infrastructure Security Agency

Labels: CVE-2024-8963 2024-09-193c1d8aa1-5a33-4ea4-8992-aadd6440af75CVE-2024-8963CWE-22

Essential information

Published
19/09/2024 02:00
Modified
21/12/2025 10:14
Author
Cybersecurity and Infrastructure Security Agency
Creator
Cybersecurity and Infrastructure Security Agency
CVSS
9.4 CRITICAL (v3.1)
CISA KEV
Yes
CWE
CVSS vector
CVSS:3.1/AV:N/C:H/I:H/A:L

CVSS metrics

Description

Ivanti Cloud Services Appliance (CSA) contains a path traversal vulnerability that could allow a remote, unauthenticated attacker to access restricted functionality. If CVE-2024-8963 is used in conjunction with CVE-2024-8190, an attacker could bypass admin authentication and execute arbitrary commands on the appliance.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
3c1d8aa1-5a33-4ea4-8992-aadd6440af75
NVD
View on NVD

Affected products (CPE)

ProductCPE
ivanti / endpoint manager cloud services appliance cpe:2.3:a:ivanti:endpoint_manager_cloud_services_appliance:4.6:-:*:*:*:*:*:*
ivanti / endpoint manager cloud services appliance cpe:2.3:a:ivanti:endpoint_manager_cloud_services_appliance:4.6:patch_512:*:*:*:*:*:*
ivanti / endpoint manager cloud services appliance cpe:2.3:a:ivanti:endpoint_manager_cloud_services_appliance:4.6:patch_518:*:*:*:*:*:*

References

Related entities

Attack reports, intrusion sets, malwares, attack patterns and indicators linked to this vulnerability.

Attack reports (4)