4.5 C
New York
Thursday, December 12, 2024
HomeHacking
Hacking

Ivanti Points Important Safety Updates for CSA and Join Safe Vulnerabilities

By codesanitize.com
0
1
Ivanti Points Important Safety Updates for CSA and Join Safe Vulnerabilities


Dec 11, 2024Ravie LakshmananVulnerability / Community Safety

Ivanti Points Important Safety Updates for CSA and Join Safe Vulnerabilities

Ivanti has launched safety updates to deal with a number of important flaws in its Cloud Providers Utility (CSA) and Join Safe merchandise that might result in privilege escalation and code execution.

The record of vulnerabilities is as follows –

  • CVE-2024-11639 (CVSS rating: 10.0) – An authentication bypass vulnerability within the admin internet console of Ivanti CSA earlier than 5.0.3 that enables a distant unauthenticated attacker to achieve administrative entry
  • CVE-2024-11772 (CVSS rating: 9.1) – A command injection vulnerability within the admin internet console of Ivanti CSA earlier than model 5.0.3 that enables a distant authenticated attacker with admin privileges to attain distant code execution
  • CVE-2024-11773 (CVSS rating: 9.1) – An SQL injection vulnerability within the admin internet console of Ivanti CSA earlier than model 5.0.3 that enables a distant authenticated attacker with admin privileges to run arbitrary SQL statements
  • CVE-2024-11633 (CVSS rating: 9.1) – An argument injection vulnerability in Ivanti Join Safe earlier than model 22.7R2.4 that enables a distant authenticated attacker with admin privileges to attain distant code execution
  • CVE-2024-11634 (CVSS rating: 9.1) – A command injection vulnerability in Ivanti Join Safe earlier than model 22.7R2.3 and Ivanti Coverage Safe earlier than model 22.7R1.2 that enables a distant authenticated attacker with admin privileges to attain distant code execution
  • CVE-2024-8540 (CVSS rating: 8.8) – An insecure permissions vulnerability in Ivanti Sentry earlier than variations 9.20.2 and 10.0.2 or 10.1.0 that enables a neighborhood authenticated attacker to change delicate software parts
Cybersecurity

The shortcomings have been addressed within the beneath variations –

  • Ivanti Cloud Providers Utility 5.0.3
  • Ivanti Join Safe 22.7R2.4
  • Ivanti Coverage Safe 22.7R1.2
  • Ivanti Sentry 9.20.2, 10.0.2, and 10.1.0

Whereas Ivanti has emphasised that it isn’t conscious of energetic exploitation of any of the aforementioned flaws, it is crucial that customers take fast motion on condition that a number of flaws in its merchandise have been abused by state-sponsored attackers for malicious actions.

Discovered this text fascinating? Observe us on Twitter and LinkedIn to learn extra unique content material we publish.



Previous article3AM Ransomware: What You Want To Know
Next articleandroid – How do you present and conceal the keyboard with out TextField?
codesanitize.comhttps://codesanitize.com

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles

Load more

ABOUT US

Welcome to CodeSanitize, your number one source for all things coding and technology. We’re dedicated to providing you the very best of software development tutorials, tips, and resources, with a focus on clarity, practical examples, and up-to-date content.

© Copyright 2024 - codesanitize.com. All rights reserved