An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.93242}

epss

{'score': 0.93217}


Mon, 16 Sep 2024 14:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ivanti:endpoint_manager_cloud_services_appliance:*:*:*:*:*:*:*:*
Vendors & Products Ivanti endpoint Manager Cloud Services Appliance
References
Metrics kev

{'dateAdded': '2024-09-13'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 16 Sep 2024 14:00:00 +0000

Type Values Removed Values Added
First Time appeared Ivanti cloud Services Appliance
CPEs cpe:2.3:a:ivanti:cloud_services_appliance:4.6:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:cloud_services_appliance:4.6:patch_518:*:*:*:*:*:*
Vendors & Products Ivanti cloud Services Appliance

Fri, 13 Sep 2024 17:30:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2024-09-13'}


Wed, 11 Sep 2024 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Ivanti
Ivanti endpoint Manager Cloud Services Appliance
CPEs cpe:2.3:a:ivanti:endpoint_manager_cloud_services_appliance:*:*:*:*:*:*:*:*
Vendors & Products Ivanti
Ivanti endpoint Manager Cloud Services Appliance
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 10 Sep 2024 20:45:00 +0000

Type Values Removed Values Added
Description An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.
Weaknesses CWE-78
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ivanti

Published:

Updated: 2025-07-30T01:36:32.976Z

Reserved: 2024-08-26T19:12:19.826Z

Link: CVE-2024-8190

cve-icon Vulnrichment

Updated: 2024-09-16T13:24:41.628Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-10T21:15:14.697

Modified: 2024-11-26T19:55:46.433

Link: CVE-2024-8190

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.