CVE-2024-8963 — Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability

Description

Ivanti Cloud Services Appliance (CSA) contains a path traversal vulnerability that could allow a remote, unauthenticated attacker to access restricted functionality. If CVE-2024-8963 is used in conjunction with CVE-2024-8190, an attacker could bypass admin authentication and execute arbitrary commands on the appliance.

How to fix CVE-2024-8963

No package mapping is available — consult the references below for vendor-specific guidance.

Is CVE-2024-8963 being exploited?

Yes — CVE-2024-8963 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.

Affected packages (0)

No package mapping in OSV.