CyberSecurity updates
Updated: 2024-10-30 14:09:22 Pacfic

informationsecuritybuzz.com
Vulnerability in Ivanti Cloud Services Appliance (CSA) Actively Exploited: Critical Path Traversal and OS Command Injection Flaws - 9d

Read more: informationsecuritybuzz.com

A critical vulnerability, CVE-2024-8963, affecting Ivanti’s Cloud Services Appliance (CSA) is under active exploitation by threat actors. This path traversal flaw allows remote attackers to bypass administrative controls and access restricted functionality, potentially leading to unauthorized access and arbitrary command execution. This vulnerability is chainable with a previously disclosed command injection vulnerability, CVE-2024-8190, which also allows attackers to bypass authentication and execute commands on the appliance, emphasizing the urgency of patching.


This site is an experimental news aggregator using feeds I personally follow. You can reach me using contacts documented at my website here (https://royans.net/) if you have feedback. You can also find FlagThis at Mastodon.