First published: 20 Sep 2024
Last updated: 20 Sep 2024

Content written for

Small & medium business
Large organisations & infrastructure
Government

This Alert is relevant to Australian organisation who are running or administering instances of Ivanti CSA 4.6 (Cloud Services Appliance). This alert is intended to be understood by technical users.

Customers are encouraged to apply available mitigations and patches as soon as possible.

Background / What has happened?

  • Ivanti has released a security advisory and mitigations for a critical vulnerability in the Ivanti CSA 4.6 (Cloud Services Appliance).
  • CVE-2024-8963 administrative bypass/path traversal in Ivanti CSA 4.6 before Patch 519 allows a remote unauthenticated attacker to access restricted functionality.
  • Ivanti is aware of active exploitation of this vulnerability.

Mitigation / How do I stay secure?

Organisations that use Ivanti CSA 4.6 (Cloud Services Appliance) should follow the mitigations advice provided in the Ivanti Security Advisory below:

Ivanti advise that CSA 4.6 is End of Life and strongly recommends that there customers upgrade to CSA 5.0.

Assistance / Where can I go for help?

Organisations or individuals that have been impacted or require assistance can contact us via 1300 CYBER1 (1300 292 371).

Was this helpful?
Yes this was helpful
No this was not helpful

Thanks for your feedback!

We welcome additional feedback below.

Was this information easy to understand?
Will you take action after reading this?
Did you find the information you were looking for?
Did the design and layout of this page meet your expectations?