CVE-2021-44529 - Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability

Ivanti | Endpoint Manager Cloud Service Appliance (EPM CSA)

• Date Added:
• 2024-03-25

• Due Date:
• 2024-04-15

Vulnerability Name

Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability

Description

Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) contains a code injection vulnerability that allows an unauthenticated user to execute malicious code with limited permissions (nobody).

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://forums.ivanti.com/s/article/SA-2021-12-02?language=en_US; https://nvd.nist.gov/vuln/detail/CVE-2021-44529

Top Security News

Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411)

Microsoft fixes exploited zero-day (CVE-2024-49138)

Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection

Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers

Abandoned AWS Cloud Storage: A Major Cyberattack Vector

Windows Server 2025 released—here are the new features

Garmin GPS watches crashing, stuck in triangle 'reboot loop'

Windows 11 KB5050094 update fixes bugs causing audio issues

Common Alerts

InformationalNon-Storable Content

InformationalRetrieved from Cache

LowTimestamp Disclosure - Unix

MediumSub Resource Integrity Attribute Missing

MediumCSP: script-src unsafe-eval

InformationalBase64 Disclosure

InformationalContent-Type Header Empty

InformationalContent Security Policy (CSP) Report-Only Header Found

MediumReferer Exposes Session ID

LowCookie with SameSite Attribute None

Latest CVE List

CVE-2025-0994 Trimble Cityworks Deserialization Vulnerability

CVE-2025-0411 7-Zip Mark of the Web Bypass Vulnerability

CVE-2022-23748 Dante Discovery Process Control Vulnerability

CVE-2024-21413 Microsoft Outlook Improper Input Validation Vulnerability

CVE-2020-29574 CyberoamOS (CROS) SQL Injection Vulnerability

CVE-2020-15069 Sophos XG Firewall Buffer Overflow Vulnerability

CVE-2024-53104 Linux Kernel Out-of-Bounds Write Vulnerability

CVE-2024-45195 Apache OFBiz Forced Browsing Vulnerability

CVE-2024-29059 Microsoft .NET Framework Information Disclosure Vulnerability

CVE-2018-9276 Paessler PRTG Network Monitor OS Command Injection Vulnerability

Common CWEs

CWE-579 J2EE Bad Practices: Non-serializable Object Stored in Session

CWE-638 Not Using Complete Mediation

CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CWE-1188 Initialization of a Resource with an Insecure Default

CWE-24 Path Traversal: '../filedir'

CWE-305 Authentication Bypass by Primary Weakness

MediumCWE-370 Missing Check for Certificate Revocation after Initial Check

CWE-1342 Information Exposure through Microarchitectural State after Transient Execution

HighCWE-784 Reliance on Cookies without Validation and Integrity Checking in a Security Decision

CWE-1095 Loop Condition Value Update within the Loop