CVE-2024-9379
In short
A flaw in Ivanti CSA's admin console allows administrators to inject malicious SQL commands into the system. An attacker with admin access could manipulate the database, steal data, or corrupt it.
Technical detail
SQL injection vulnerability in Ivanti CSA admin web console (versions before 5.0.2) exploitable by authenticated users with administrative privileges. The vulnerability allows execution of arbitrary SQL statements against the backend database, potentially leading to unauthorized data access, modification, or deletion.
Summary generated and translated by AI from the official description.
SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Affected products
Ivanti · CSA (Cloud Services Appliance)