【Vulnerability Alert】High-Risk Security Vulnerability (CVE-2021-44529) in Ivanti EPM Cloud Services Appliance (CSA)

【Vulnerability Alert】High-Risk Security Vulnerability (CVE-2021-44529) in Ivanti EPM Cloud Services Appliance (CSA) - Please Verify and Patch Immediately!

publish date : 2024-04-02 update date : 2024-04-15

Source: Ministry of education information & communication security contingency platform


Publication Number	TACERT-ANA-2024040111040303	Publication Time	2024/03/29 11:00
Incident Type	ANA-Vulnerability Alert	Discovery Time	2024/04/01 11:00
Impact Level	Medium
[Subject] 【Vulnerability Alert】High-Risk Security Vulnerability (CVE-2021-44529) in Ivanti EPM Cloud Services Appliance (CSA) - Please Verify and Patch Immediately!
[Content] Forwarded from the National Institute of Cyber Security NISAC-200-202403-00000147 Researchers have discovered a Code Injection vulnerability (CVE-2021-44529) in Ivanti EPM Cloud Services Appliance (CSA). Remote attackers without authentication can exploit this vulnerability to execute arbitrary code on the system with limited permissions (nobody). This vulnerability has been exploited by hackers, please verify and patch it as soon as possible. Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform] ● CSA 4.6.0-512 (excluding versions prior to this)
[Recommended Actions] The official patch for the vulnerability has been released. Please update to the following versions: ● CSA 4.6.0-512 (including versions after this)
[Reference]

(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw

Organizer: Computer Center

Click Num:

Share