CVE Database · CVE-2024-8963
CVSS v3.1: 9.4
EPSS: 98.41%
Published: Sep 19, 2024
Modified: Oct 24, 2025
CISA Known Exploited Vulnerability
Added: 2024-09-19 · Due: 2024-10-10
As Ivanti CSA has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line of supported solutions, as future vulnerabilities on the 4.6.x version of CSA are unlikely to receive security updates.
Public PoC / Exploit (3)
Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Weaknesses (CWE)
Affected Products (3)
References (2)