CVE-2024-8963CISA KEVEPSS p99.9%

CVE-2024-8963Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability

Ivanti / Cloud Services Appliance (CSA)

Description

Ivanti Cloud Services Appliance (CSA) contains a path traversal vulnerability that could allow a remote, unauthenticated attacker to access restricted functionality. If CVE-2024-8963 is used in conjunction with CVE-2024-8190, an attacker could bypass admin authentication and execute arbitrary commands on the appliance.

Scoring

EPSS98.41% probability of exploitation · percentile 99.9% · 2026-06-16T12:03:06Z

CISA KEV entry

Added to KEV: 2024-09-19

(incoming)1

TypeTargetConfidenceTier
KEVEntryIvanti Cloud Services Appliance (CSA) Path Traversal Vulnerabilitykev-cve-2024-89630%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Ivanti Cloud Services Appliance OS Command Injection Vulnerability
CVE
Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability
CVE
Ivanti Cloud Services Appliance (CSA) SQL Injection Vulnerability
CVE
Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability
CVE
CVE-2026-9614
CVE
CVE-2025-9713
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.