S4E

CVE-2021-44529 Scanner

Detects 'Code Injection' vulnerability in Ivanti EPM affects v. 4.6.0-512.

SCAN NOW

Short Info


Level

Critical

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Time Interval

816 sec

Scan only one

Domain, Ipv4

Toolbox

-

Ivanti EPM, or Endpoint and User Workspace Management, is a cloud-based solution designed to help organizations manage their IT assets and users. It allows IT administrators to automate endpoint and user management tasks, such as application deployment, patch management, and user access control, from a single management console. The Ivanti EPM cloud services appliance (CSA) is a critical component of the Ivanti EPM solution, providing cloud-based management services for IT assets.

Recently, a vulnerability was detected in the Ivanti EPM CSA, identified by the CVE-2021-44529 code. This vulnerability allows an unauthenticated user to inject arbitrary code with limited permissions, leading to a potential takeover of the system. This vulnerability affects all versions of the Ivanti EPM CSA prior to version 2021.3.1.

If this vulnerability is exploited, attackers could take control of the system and access sensitive company data. They could steal user credentials or sensitive information, launch cyber attacks, or disrupt critical business operations. Moreover, as the vulnerability allows attackers to execute arbitrary code, they could modify and delete sensitive information or even take complete control of the system.

Thanks to the pro features of the s4e.io platform, those who read this article can easily and quickly learn about vulnerabilities in their digital assets. The platform provides comprehensive vulnerability assessment tools, including scanning and reporting features. It enables organizations to discover and prioritize vulnerabilities easily and efficiently, reducing the risk of security breaches and attacks. With the platform, organizations can stay ahead of the latest threats and protect their digital assets.

 

REFERENCES

Get started to protecting your Free Full Security Scan