CISA Known Exploited Vulnerability (KEV)
Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability
March 25, 2024
April 15, 2024
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Description
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).
References
Weakness Enumeration
CWE-ID | CWE Name |
---|---|
CWE-94 | Improper Control of Generation of Code (‘Code Injection’) |