Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability

A high-severity security flaw in Ivanti’s Cloud Service Appliance (CSA) is being actively exploited. The vulnerability allows remote code execution under certain conditions and affects CSA version 4.6. Ivanti has released a patch for the flaw and urged customers to upgrade to the supported CSA 5.0. The US Cybersecurity and Infrastructure Security Agency has added the vulnerability to its catalog and ordered federal agencies to apply the fixes by October 4, 2024.