CVE-2024-11771 — Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticate... | CVE Daily

Medium CVSS 5.3

Overview

Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality.

CWE: CWE-22 Published: 2025-02-11T16:15:38.520

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 5.3 (MEDIUM)
Detected tags: path, unauth_access (tag impact: HIGH)

Recommended actions:

Canonicalize path; block `..` traversal; use allowlists.
Enforce authentication/authorization; reduce default endpoint exposure.

Recommended tools

Tags