First published: 20 Sep 2024
Last updated: 20 Sep 2024

Content written for

Small & medium business
Large organisations & infrastructure
Government

This Alert is relevant to Australian organisation who are running or administering instances of Ivanti CSA 4.6 (Cloud Services Appliance). This alert is intended to be understood by technical users.

Customers are encouraged to apply available mitigations and patches as soon as possible.

Background / What has happened?

  • Ivanti has released a security advisory and mitigations for a critical vulnerability in the Ivanti CSA 4.6 (Cloud Services Appliance).
  • CVE-2024-8963 administrative bypass/path traversal in Ivanti CSA 4.6 before Patch 519 allows a remote unauthenticated attacker to access restricted functionality.
  • Ivanti is aware of active exploitation of this vulnerability.

Mitigation / How do I stay secure?

Organisations that use Ivanti CSA 4.6 (Cloud Services Appliance) should follow the mitigations advice provided in the Ivanti Security Advisory below:

Ivanti advise that CSA 4.6 is End of Life and strongly recommends that there customers upgrade to CSA 5.0.

Assistance / Where can I go for help?

Organisations or individuals that have been impacted or require assistance can contact us via 1300 CYBER1 (1300 292 371).

Was this information helpful?

Thanks for your feedback!

Optional

Tell us why this information was helpful and we’ll work on making more pages like it