VDB
CVE-2021-44529
CVE-2021-44529
PUBLISHED
KEV
CVSS 7.5 HIGH
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).
EPSS 94.46% · 100.0th percentile
Risk Scores
CVSS v2.0
7.5
EPSS Score
94.46%
100.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ivanti | endpoint_manager_cloud_services_appliance | 0 |
| n/a | Ivanti EPM | 4.6.0-512 |
| ivanti | endpoint_manager_cloud_services_appliance | 0, 4.6 |
Timeline
- CVE Published
- Jan 21, 1970 CrowdSec Sighting
- Jan 21, 1970 CrowdSec Sighting
- Jan 21, 1970 CrowdSec Sighting
- Jan 21, 1970 CrowdSec Sighting
- Jan 21, 1970 CrowdSec Sighting
- Jan 21, 1970 CrowdSec Sighting
- Jan 21, 1970 CrowdSec Sighting
- May 14, 2021 CrowdSec Sighting
- Jun 10, 2021 CrowdSec Sighting
- Oct 21, 2021 CrowdSec Sighting
- Dec 9, 2021 EPSS Score
References
- https://forums.ivanti.com/s/article/SA-2021-12-02 url
- http://packetstormsecurity.com/files/166383/Ivanti-Endpoint-Manager-CSA-4.5-4.6-Remote-Code-Execution.html url
- http://packetstormsecurity.com/files/170590/Ivanti-Cloud-Services-Appliance-CSA-Command-Injection.html url
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44529 url
- https://nvd.nist.gov/vuln/detail/CVE-2021-44529 advisory