#IvantiCSA

Three more vulns spotted in Ivanti CSA, all critical, one 10/10

by

December 11, 2024 at 07:15AM Ivanti issued a security advisory for three critical vulnerabilities in its Cloud Services Application (CSA), including a perfect 10-rated authentication bypass flaw. These vulnerabilities could allow attackers to gain unauthorized access and execute malicious commands. Users are urged to upgrade to version 5.0.3 to mitigate risks. ### Meeting Takeaways: **Ivanti … Read more

Serious Adversaries Circle Ivanti CSA Zero-Day Flaws

by

October 14, 2024 at 06:23PM Researchers reported that a sophisticated cyberattacker, likely a nation-state actor, exploited three zero-day vulnerabilities in Ivanti’s Cloud Service Appliance to infiltrate networks. This involved command and SQL injection flaws, enabling them to maintain access and potentially execute advanced techniques like DNS tunneling and deploying rootkits. Organizations must apply patches urgently. … Read more