Advanced SQL Injection Vulnerability in Ivanti CSA
CVE-2024-11773
7.2HIGH
Summary
A vulnerability exists in the admin web console of the Ivanti Cloud Services Application prior to version 5.0.3, wherein remote authenticated attackers with admin privileges can exploit an SQL injection flaw. This weakness allows attackers to execute arbitrary SQL statements against the underlying database, potentially compromising data integrity and security. Ensuring timely updates and implementing strict access controls are essential measures to mitigate risks associated with this vulnerability.
Affected Version(s)
Cloud Services Application 5.0.3
References
CVSS V3.1
Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved