CISA KEV Information
| Vulnerability name | Ivanti Cloud Services Appliance (CSA) SQL Injection Vulnerability |
|---|---|
| Description | Ivanti Cloud Services Appliance (CSA) contains a SQL injection vulnerability in the admin web console in versions prior to 5.0.2, which can allow a remote attacker authenticated as administrator to run arbitrary SQL statements. |
| Required action | As Ivanti CSA 4.6.x has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line, or later, of supported solution. |
| Known ransomware campaign use | Unknown |
| CWE | CWE-89 |
| Date added (KEV) | 2024-10-09 |
| Due date | 2024-10-30 |
| Additional notes | https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-Cloud-Services-Appliance-CVE-2024-9379-CVE-2024-9380-CVE-2024-9381 ; https://nvd.nist.gov/vuln/detail/CVE-2024-9379 |
NVD Details
CVSS v3.1: 6.5 MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Description: SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.
CWE: CWE-89
This product uses the NVD API but is not endorsed or certified by the NVD.