What the vulnerability does
01Description
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).
CVSS base score
What the vulnerability does
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).
CISA mandated remediation
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Key dates
External resources