Описание
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-44529
- https://forums.ivanti.com/s/article/SA-2021-12-02
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44529
- http://packetstormsecurity.com/files/166383/Ivanti-Endpoint-Manager-CSA-4.5-4.6-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/170590/Ivanti-Cloud-Services-Appliance-CSA-Command-Injection.html
Связанные уязвимости
CVSS3: 9.8
nvd
около 4 лет назад
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).
CVSS3: 9.8
fstec
больше 4 лет назад
Уязвимость сетевого средства Ivanti Cloud Services Appliance, связанная с неверным ограничением имени пути к каталогу с неверным управлением генерацией кода, позволяющая нарушителю выполнить произвольный код