CVE-2024-9381

HIGH EXPLOITED

Ivanti Endpoint Manager Cloud Services Appliance < 5.0.2 - Authenticated Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2024-9381 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions.

References (1)

Core 1

Scores

CVSS v3 7.2
EPSS 0.0132
EPSS Percentile 80.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

VulnCheck KEV 2024-10-08
CWE
CWE-22
Status published
Products (1)
ivanti/endpoint_manager_cloud_services_appliance < 5.0.2
Published Oct 08, 2024
Tracked Since Feb 18, 2026