{"uuid": "0bb69da9-6fb5-4820-b41f-37af17a34505", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-9380", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3887", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-9379\n\ud83c\udfe2 Vendor: Ivanti\n\ud83d\udda5\ufe0f Product: Cloud Services Appliance (CSA)\n\ud83d\udd39 Description: Ivanti Cloud Services Appliance (CSA) contains a SQL injection vulnerability in the admin web console in versions prior to 5.0.2, which can allow a remote attacker authenticated as administrator to run arbitrary SQL statements.\n\ud83d\udccf Published: 2024-10-08T00:00:00Z\n\ud83d\udd17 References:\n1. https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json\n2. https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-Cloud-Services-Appliance-CVE-2024-9379-CVE-2024-9380-CVE-2024-9381?language=en_US\n3. https://www.cisa.gov/sites/default/files/2025-01/aa25-022a-threat-actors-chained-vulnerabilities-in-ivanti-cloud-service-applications.pdf\n4. https://www.fortiguard.com/outbreak-alert/ivanti-csa-zero-day-attack", "creation_timestamp": "2025-02-08T23:20:33.000000Z"}