{"vulnerability": "CVE-2024-9381", "sightings": [{"uuid": "ef93af14-a21a-4733-802c-c3f04c6c9ee2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-9381", "type": "seen", "source": "https://t.me/cvedetector/7374", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-9381 - Ivanti CSA Path Traversal vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-9381 \nPublished : Oct. 8, 2024, 5:15 p.m. | 40\u00a0minutes ago \nDescription : Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions. \nSeverity: 7.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-08T20:23:48.000000Z"}, {"uuid": "d695c946-5bc4-4dba-aabf-01d6b714e1b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-9381", "type": "exploited", "source": "https://t.me/thehackernews/5704", "content": "\u26a0\ufe0f WARNING: Ivanti\u2019s CSA is under attack! Three new zero-day vulnerabilities are being actively exploited in the wild. \n \nThese flaws, CVE-2024-9379, CVE-2024-9380, and CVE-2024-9381, allow attackers to bypass restrictions, execute arbitrary SQL, and gain remote code execution\u2014all with admin privileges. \n \nFind details here: https://thehackernews.com/2024/10/zero-day-alert-three-critical-ivanti.html", "creation_timestamp": "2024-10-08T18:43:40.000000Z"}, {"uuid": "4df2020e-f5d7-4eb0-b9c7-cd6a19ecbb8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-9381", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3887", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-9379\n\ud83c\udfe2 Vendor: Ivanti\n\ud83d\udda5\ufe0f Product: Cloud Services Appliance (CSA)\n\ud83d\udd39 Description: Ivanti Cloud Services Appliance (CSA) contains a SQL injection vulnerability in the admin web console in versions prior to 5.0.2, which can allow a remote attacker authenticated as administrator to run arbitrary SQL statements.\n\ud83d\udccf Published: 2024-10-08T00:00:00Z\n\ud83d\udd17 References:\n1. https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json\n2. https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-Cloud-Services-Appliance-CVE-2024-9379-CVE-2024-9380-CVE-2024-9381?language=en_US\n3. https://www.cisa.gov/sites/default/files/2025-01/aa25-022a-threat-actors-chained-vulnerabilities-in-ivanti-cloud-service-applications.pdf\n4. https://www.fortiguard.com/outbreak-alert/ivanti-csa-zero-day-attack", "creation_timestamp": "2025-02-08T23:20:33.000000Z"}, {"uuid": "3c97b816-39e3-41fb-bfd5-f9fdb3f45361", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-9381", "type": "seen", "source": "MISP/dbab702b-7260-475a-a9eb-490fbc6def7f", "content": "", "creation_timestamp": "2024-10-30T09:07:43.000000Z"}, {"uuid": "49416c7a-aa7b-4812-8fa9-7b1e8caedb9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-9381", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/4828357e-5b9d-45d5-a952-da459107ce93", "content": "", "creation_timestamp": "2024-10-10T08:32:47.057103Z"}]}