CVE-2021-44529 Scanner
Detects 'Code Injection' vulnerability in Ivanti EPM affects v. 4.6.0-512.
Short Info
Level
Critical
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 sec
Time Interval
816 sec
Scan only one
Domain, Ipv4
Toolbox
-
Ivanti EPM, or Endpoint and User Workspace Management, is a cloud-based solution designed to help organizations manage their IT assets and users. It allows IT administrators to automate endpoint and user management tasks, such as application deployment, patch management, and user access control, from a single management console. The Ivanti EPM cloud services appliance (CSA) is a critical component of the Ivanti EPM solution, providing cloud-based management services for IT assets.
Recently, a vulnerability was detected in the Ivanti EPM CSA, identified by the CVE-2021-44529 code. This vulnerability allows an unauthenticated user to inject arbitrary code with limited permissions, leading to a potential takeover of the system. This vulnerability affects all versions of the Ivanti EPM CSA prior to version 2021.3.1.
If this vulnerability is exploited, attackers could take control of the system and access sensitive company data. They could steal user credentials or sensitive information, launch cyber attacks, or disrupt critical business operations. Moreover, as the vulnerability allows attackers to execute arbitrary code, they could modify and delete sensitive information or even take complete control of the system.
Thanks to the pro features of the s4e.io platform, those who read this article can easily and quickly learn about vulnerabilities in their digital assets. The platform provides comprehensive vulnerability assessment tools, including scanning and reporting features. It enables organizations to discover and prioritize vulnerabilities easily and efficiently, reducing the risk of security breaches and attacks. With the platform, organizations can stay ahead of the latest threats and protect their digital assets.
REFERENCES