A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 30 Jul 2025 02:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ivanti:endpoint_manager_cloud_services_appliance:4.6:patch_512:*:*:*:*:*:*
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2025-07-30T01:37:52.716Z

Reserved: 2021-12-02T00:00:00.000Z

Link: CVE-2021-44529

cve-icon Vulnrichment

Updated: 2024-08-04T04:25:16.804Z

cve-icon NVD

Status : Analyzed

Published: 2021-12-08T22:15:10.163

Modified: 2025-03-13T19:55:19.903

Link: CVE-2021-44529

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.