CVE-2024-8963 CRITICAL

CVE-2024-8963

Weakness CWE-22 · Path traversal
KEV Status Known Exploited
Published September 19, 2024
Last update October 21, 2025

CVSS base score

9.4/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

What the vulnerability does

01Description

Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.

CISA mandated remediation

02CISA Required Action

As Ivanti CSA has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line of supported solutions, as future vulnerabilities on the 4.6.x version of CSA are unlikely to receive security updates.

Key dates

03Disclosure timeline

September 19, 2024 CVE published
October 21, 2025 Record updated

Related vulnerabilities

05Related CVE