Advanced SQL Injection Vulnerability in Ivanti CSA
CVE-2024-11773

7.2HIGH

Key Information:

Vendor: Ivanti
Status: Cloud Services Application
Vendor: CVE Published:; 10 December 2024

What is CVE-2024-11773?

A vulnerability exists in the admin web console of the Ivanti Cloud Services Application prior to version 5.0.3, wherein remote authenticated attackers with admin privileges can exploit an SQL injection flaw. This weakness allows attackers to execute arbitrary SQL statements against the underlying database, potentially compromising data integrity and security. Ensuring timely updates and implementing strict access controls are essential measures to mitigate risks associated with this vulnerability.

Affected Version(s)

Cloud Services Application 5.0.3

References

https://forums.ivanti.com/s/article/Security-Advisory-Iva...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 10, 2024
Vulnerability Reserved
Nov 26, 2024