Cloud Services Appliance

Ivanti warns of three more CSA zero-days exploited in attacks

October 9, 2024October 9, 2024 geekfeed0Tagged Actively Exploited, Cloud Services Appliance, Command Injection, Ivanti, Ivanti CSA, Remote Code Execution, Security Bypass, Zero-Day

American IT software company Ivanti has released security updates to fix three new Cloud Services Appliance (CSA) zero-days tagged as actively exploited in attacks. As Ivanti revealed on Tuesday, attackers are chaining the three security flaws with another CSA zero-day patched in September. Successful exploitation of these vulnerabilities can let remote attackers run SQL statements via […]

2 mins read

Ivanti warns of another critical CSA flaw exploited in attacks

September 20, 2024September 20, 2024 geekfeed0Tagged Actively Exploited, Cloud Services Appliance, Exploit Chain, Ivanti, Ivanti CSA, Path Traversal

Today, Ivanti warned that threat actors are exploiting another Cloud Services Appliance (CSA) security flaw in attacks targeting a limited number of customers. Tracked as CVE-2024-8963, this admin bypass vulnerability is caused by a path traversal weakness. Successful exploitation allows remote unauthenticated attackers to access restricted functionality on vulnerable CSA systems (used as gateways to provide enterprise users secure […]

3 mins read