virus logo Intrusion Prevention

Ivanti.Cloud.Service.Appliance.client.index.Path.Traversal

description-logoDescription

This indicates an attack attempt to exploit a Path Traversal Vulnerability in Ivanti Cloud Service Appliance.
The vulnerability is due to insufficient validation of user-supplied inputs. A remote unauthenticated attacker can exploit this vulnerability by sending maliciously crafted requests to a vulnerable application. Successful exploitation could result in information disclosure and access to restricted functionality of the application.

description-logoOutbreak Alert

Threat actors chained and exploited multiple zero-day vulnerabilities affecting Ivanti CSA (Cloud Services Appliance). If successful, this could lead an attacker to gain admin access, obtain credentials, bypass security measures, run arbitrary SQL commands, and execute code remotely.

View the full Outbreak Alert Report

affected-products-logoAffected Products

Ivanti Cloud Service Appliance before 4.6 Patch 519

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-4-6-Cloud-Services-Appliance-CVE-2024-8963?language=en_US

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Status Detail
2025-03-31 31.979
Modified
 Sig Added
2024-11-12 29.901
Modified
 Default_action:pass:drop
2024-10-10 28.879
New
ID 56710
Created Oct 09, 2024
Updated Mar 31, 2025
CVE ID
Tags Ivanti CSA Zero-Day Attack Threat Signal
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
Known Exploited Yes
Exploit Prediction Score 94.23%
Default Action drop
Active
Affected OS Windows, Linux
Affected App Other
Profile Type Path Traversal