Ivanti has revealed that a critical security flaw impacting Cloud Service Appliance (CSA) has come under active exploitation in the wild.
The new vulnerability, assigned the CVE identifier CVE-2024-8963, carries a CVSS score of 9.4 out of a maximum of 10.0. It was « incidentally addressed » by the company as part of CSA 4.6 Patch 519 and CSA 5.0.
« Path Traversal in the Ivanti CSA before 4.6 Patch