Ivanti Cloud Services Appliance

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Ivanti Cloud Services Appliance.

By the Year

In 2026 there have been 0 vulnerabilities in Ivanti Cloud Services Appliance. Last year, in 2025 Cloud Services Appliance had 3 security vulnerabilities published. Right now, Cloud Services Appliance is on track to have less security vulnerabilities in 2026 than it did last year.

Year	Vulnerabilities	Average Score
2026	0	0.00
2025	3	7.20
2024	4	7.85

It may take a day or so for new Cloud Services Appliance vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Ivanti Cloud Services Appliance Security Vulnerabilities

Default Creds in Ivanti Cloud Services App <5.0.5 – Local Auth Escalation
CVE-2025-22460 - May 13, 2025

Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges.

1392

Os Cmd Inject in Ivanti CSA before 5.0.5
CVE-2024-47908 7.2 - High - February 11, 2025

OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

Shell injection

Ivanti CSA Path Traversal Remote Unauth Before 5.0.5
CVE-2024-11771 - February 11, 2025

Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality.

Directory traversal

SQLi in Ivanti CSA admin console before 5.0.3
CVE-2024-11773 7.2 - High - December 10, 2024

SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.

SQL Injection

Command injection in Ivanti CSA <5.0.3 admin console (RCE)
CVE-2024-11772 7.2 - High - December 10, 2024

Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

Command Injection

Auth Bypass in Ivanti CSA <5.0.3 Admin Web Console
CVE-2024-11639 9.8 - Critical - December 10, 2024

An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access

Missing Authentication for Critical Function

OS Command Injection - Ivanti Cloud Services Appliance 4.6 Patch 518 and prior
CVE-2024-8190 7.2 - High - September 10, 2024

An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.

Shell injection

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Ivanti Cloud Services Appliance or by Ivanti? Click the Watch button to subscribe.

Ivanti
Vendor

Ivanti Cloud Services Appliance
Product

Ivanti Cloud Services Appliance

Don't miss out!

By the Year

Recent Ivanti Cloud Services Appliance Security Vulnerabilities

Default Creds in Ivanti Cloud Services App <5.0.5 – Local Auth Escalation CVE-2025-22460 - May 13, 2025

Os Cmd Inject in Ivanti CSA before 5.0.5 CVE-2024-47908 7.2 - High - February 11, 2025

Ivanti CSA Path Traversal Remote Unauth Before 5.0.5 CVE-2024-11771 - February 11, 2025

SQLi in Ivanti CSA admin console before 5.0.3 CVE-2024-11773 7.2 - High - December 10, 2024

Command injection in Ivanti CSA <5.0.3 admin console (RCE) CVE-2024-11772 7.2 - High - December 10, 2024

Auth Bypass in Ivanti CSA <5.0.3 Admin Web Console CVE-2024-11639 9.8 - Critical - December 10, 2024

OS Command Injection - Ivanti Cloud Services Appliance 4.6 Patch 518 and prior CVE-2024-8190 7.2 - High - September 10, 2024