CVE-2021-44529

Summary

A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).

Affected Software

VendorProductVersion RangeStatus
n/aIvanti EPM4.6.0-512affected

Weaknesses

  • CWE-94: Code Injection (CWE-94)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: total

Additional References

CVE Program Container

Additional References

References