clayton@site:~/news$ cat cve-2021-44529-ivanti-endpoint-manager-cloud-service-appliance-epm-csa.log

CVE-2021-44529 — Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability

2024-03-25 • CISA Known Exploited Vulnerability

[event] Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) contains a code injection vulnerability that allows an unauthenticated user to execute malicious code with limited permissions (nobody).

> AFFECTED SOFTWARE

Field	Value
Vendor	Ivanti
Product	Endpoint Manager Cloud Service Appliance (EPM CSA)
CWE	CWE-94
CVE ID	CVE-2021-44529
Date Added	2024-03-25
Due Date	2024-04-15
Ransomware Campaign	Known — this vulnerability has been leveraged in ransomware campaigns

> MITIGATION

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Due Date: 2024-04-15

> REFERENCES

[1] https://forums.ivanti.com/s/article/SA-2021-12-02?language=en_US
[2] https://nvd.nist.gov/vuln/detail/CVE-2021-44529