CVE-2024-11639
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD
Description
An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access
Affected (1)
Products: Ivanti: Cloud Services Appliance
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.0.3 |
Related CWEs
CWE-288
Authentication Bypass Using an Alternate Path or Channel
A product requires authentication, but the product has an alternate path or channel that does not require authentication.
CWE-306
Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
References (1)
Source: 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
Vendor Advisory
Timeline
No history available yet.