CVE-2024-9379

CVE Published 2024-10-08
Related CWE(s) CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Related Vendor(s) ivanti
Related Product(s) endpoint_manager_cloud_services_appliance
Exploitation Reported (CISA KEV) 2024-10-09
CVSS 3 Base Score 7.2 (HIGH)
CVSS 3 Attack Complexity LOW
CVSS 3 Attack Vector NETWORK

SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.

Cyber Threat Graph Context

Explore how this CVE relates to the wider threat graph

Associated CAPEC Patterns

References