CVE-2024-8963

ENISA EUVD: EUVD-2024-49510 ↗

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 5, 2026 9 articles Published: 2024-09-19

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

94.16%

probability

This CVE has a 94.16% probability of being exploited in the next 30 days.

0% Top 99.9th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

9.4

CRITICAL

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

Low

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Description

VulnerabilityLookup (CNA)

Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.

Affected Products

Ivanti

CSA (Cloud Services Appliance)

4.6 Patch 519 5.0

ivanti

endpoint manager cloud services appliance

Ivanti

CSA (Cloud Services Appliance)

patch: 4.6 Patch 519

Ivanti

CSA (Cloud Services Appliance)

patch: 5.0

Attack Intelligence

CWE-22 · Path Traversal CWE-664 · Improper Control of a Resource Through its Lifetime CWE-706 · Use of Incorrectly-Resolved Name or Reference

Exploits & PoC

patfire94/CVE-2024-8963

Ivanti Cloud Services Appliance - Path Traversal

0 2024-11-13

1 repo — triés par ⭐ Rechercher sur GitHub ↗

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-4-6-Cloud-Services-Appliance-CVE-2024-8963

Signal Intelligence

Confidenceⓘ

85%

EPSS 94.16%

CVSS v3.1 9.4

Mentions 9

Last Seen Oct 22, 2024

CNA Information

CNA Assigner

ivanti

Analyst Note

CVE-2024-8963 is explicitly named as one of three CSA zero-days exploited in attacks according to BleepingComputer. The CVE was published 2024-09-19 and exploitation was reported shortly thereafter (CERT-FR alert 2024-10-22), indicating exploitation occurred before or immediately after patch availability, meeting zero-day criteria.