An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.

• Ivanti CSA (Cloud Services Application

If Vulnerabilities are not addressed, a cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

CERTVU Encourages users and administrators to review the below and apply necessary security updates.