Mallory
High

SQL Injection in Ivanti CSA Admin Web Console

Identifiers: CVE-2024-11773, CWE-89 · Improper Neutralization of Special…

CVE-2024-11773 is an SQL injection vulnerability in the administrator web console of Ivanti Cloud Services Application (CSA). According to the provided content, Ivanti CSA versions 5.0.2 and earlier are affected, and the issue was fixed in version 5.0.3. The vulnerability allows a remote authenticated attacker who already has administrator privileges to execute arbitrary SQL statements against the application's backend database through the admin console.


ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows execution of arbitrary SQL statements in the Ivanti CSA backend context. This can enable unauthorized access to, modification of, or deletion of application data stored in the database, and may facilitate broader administrative compromise depending on database privileges and application architecture. The provided content characterizes the issue as high severity (CVSS 9.1).

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, reduce exposure of the administrator web console to only trusted management networks, restrict access to administrative accounts, and monitor for suspicious SQL/database activity originating from the CSA admin interface. However, the provided content identifies upgrading to version 5.0.3 as the vendor remediation.

Remediation

Patch, then assume compromise.

Upgrade Ivanti Cloud Services Application (CSA) to version 5.0.3 or later. The provided content states that Ivanti fixed this vulnerability in version 5.0.3 and advised customers to update immediately via the Ivanti download portal.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.


No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

Vendor | Product | Type
Ivanti | Cloud Services Appliance | application

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.
