GCVE - cpe:2.3:a:ivanti:csa_(cloud_services

Approved changes feed: RSS · Atom

cpe:2.3:a:ivanti:csa_(cloud_services_appliance):*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Ivanti (`40b984ad-e54c-5e1b-9aa1-2a4cd4d61129`)
Product	Csa (Cloud Services Appliance) (`a2d499b4-d2d9-5284-a3c3-e8783a4642c4`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-22460`	not_vulnerable	2026-06-03 14:59:40.015905	Details available HIGH (7.8) Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges. Published: 2025-05-13T15:09:30.912Z Updated: 2025-05-13T19:43:10.536Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CVE-2025-22460	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-9381`	not_vulnerable	2026-06-03 14:58:21.120093	Details available HIGH (7.2) Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions. Published: 2024-10-08T16:25:27.092Z Updated: 2024-10-08T19:23:27.864Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-Cloud-Services-Appliance-CVE-2024-9379-CVE-2024-9380-CVE-2024-9381	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-9380`	not_vulnerable	2026-06-03 14:58:21.119716	Details available HIGH (7.2) An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution. Published: 2024-10-08T16:23:49.949Z Updated: 2025-10-21T22:55:43.528Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-Cloud-Services-Appliance-CVE-2024-9379-CVE-2024-9380-CVE-2024-9381	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-9379`	not_vulnerable	2026-06-03 14:58:21.119168	Details available MEDIUM (6.5) SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. Published: 2024-10-08T16:23:13.310Z Updated: 2025-10-21T22:55:43.655Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-Cloud-Services-Appliance-CVE-2024-9379-CVE-2024-9380-CVE-2024-9381	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-8963`	not_vulnerable	2026-06-03 14:58:20.115849	Details available CRITICAL (9.4) Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality. Published: 2024-09-19T17:14:49.386Z Updated: 2025-10-21T22:55:44.119Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-4-6-Cloud-Services-Appliance-CVE-2024-8963	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-8190`	not_vulnerable	2026-06-03 14:58:17.377596	Details available HIGH (7.2) An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability. Published: 2024-09-10T20:33:44.793Z Updated: 2025-10-21T22:55:44.915Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Csa (Cloud Services Appliance)

PURL mappings

Vulnerability references

Contribute