Home / Early Warning / Vulnerabilidades / CVE-2021-44529

CVE-2021-44529

Type: 
Code Injection
Severity: 
High
Publication date: 
12/08/2021
Last modified: 
04/18/2022
Description
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).
Impact
Access Vector: Through network
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Partially affects on system integrity + Partially affects on system confidentiality + Partially affects on system availability
Vulnerable software and versions
  • cpe:2.3:a:ivanti:endpoint_manager_cloud_services_appliance:4.6:-:*:*:*:*:*:*
  • cpe:2.3:a:ivanti:endpoint_manager_cloud_services_appliance:*:*:*:*:*:*:*:*
To consult the complete list of products and versions see this page
Explanation of fields