Ivanti warned that a recently fixed security flaw in its Cloud Service Appliance (CSA) is being actively exploited. CVE-2024-8190 is a high-severity vulnerability (CVSS score: 7.2) that can enable remote code execution in specific situations.
“An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution,” Ivanti noted in an advisory released earlier this week. “The attacker must have admin level privileges to exploit this vulnerability.”
By F2
/ Thursday , July 3 2025
The final day of the Cyber Defence & Security Exhibition and Conference (CYDES) 2025 concluded with high-impact engagements at the...
Read More
By F2
/ Thursday , July 3 2025
Cisco warns that a vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition...
Read More
By F2
/ Wednesday , July 2 2025
The second day of the Cyber Defence & Security Exhibition and Conference (CYDES) 2025 further cemented Malaysia’s position as a...
Read More
By F2
/ Tuesday , July 1 2025
Malaysia's Deputy Prime Minister Datuk Seri Dr. Ahmad Zahid Hamidi said that Malaysia has placed cybersecurity at the heart of...
Read More
By F2
/ Tuesday , July 1 2025
Mark Chen, the chief research officer at OpenAI, sent a forceful memo to staff on Saturday, promising to go head-to-head...
Read More
By F2
/ Tuesday , July 1 2025
The Canadian government ordered Hikvision to stop all operations in the country due to national security concerns. Hikvision, based in...
Read More
By infosecbulletin
/ Sunday , June 29 2025
Doctors at Columbia University Fertility Center have reported what they are calling the first pregnancy using a new AI system,...
Read More
By infosecbulletin
/ Saturday , June 28 2025
Cybersecurity experts and federal authorities are warning that the Scattered Spider hackers are now targeting aviation and transportation, indicating a...
Read More
By F2
/ Saturday , June 28 2025
Since June 9, 2025, Russian users connecting to Cloudflare services have faced throttling by ISPs. As the throttling is being...
Read More
By infosecbulletin
/ Saturday , June 28 2025
A new report from SafetyDetectives reveals that hackers posted a massive 3.1GB dataset online, containing about 61 million records reportedly...
Read More
The flaw affects Ivanti CSA 4.6, which is now outdated, so customers must upgrade to a supported version. It has been fixed in CSA 4.6 Patch 519.
“With the end-of-life status this is the last fix that Ivanti will backport for this version,” the Utah-based IT software company added. “Customers must upgrade to Ivanti CSA 5.0 for continued support.”
“CSA 5.0 is the only supported version and does not contain this vulnerability. Customers already running Ivanti CSA 5.0 do not need to take any additional action.”
On Friday, Ivanti reported confirmed exploitation of the flaw affecting a small group of customers.
No new details about the attacks or the identity of the threat actors were provided. However, several Ivanti product vulnerabilities have been exploited as zero-days by Chinese cyberespionage groups.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, mandating federal agencies to implement fixes by October 4, 2024.
Horizon3.ai revealed a serious deserialization vulnerability (CVE-2024-29847, CVSS score: 10.0) in Endpoint Manager (EPM) that allows for remote code execution.