Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-44529

KEV · Ransomware EPSS 94.46% · P100
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-44529

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Ivanti Endpoint Manager 代码注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Ivanti Endpoint Manager(EPM)是美国Ivanti公司的一套端点安全管理器。 Ivanti Endpoint Manager(EPM) 存在安全漏洞,该漏洞源于Ivanti EPM允许未经身份验证的用户以有限的权限执行任意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
-Ivanti EPM 4.6.0-512 -

II. Public POCs for CVE-2021-44529

#POC DescriptionSource LinkShenlong Link
1CVE-2021-44529 PoChttps://github.com/jkana/CVE-2021-44529POC Details
2CVE-2021-44529 Ivanti EPM 云服务设备 (CSA) 中的代码注入漏洞允许未经身份验证的用户以有限的权限(nobody)执行任意代码。https://github.com/jax7sec/CVE-2021-44529POC Details
3Ivanti EPM Cloud Services Appliance (CSA) before version 4.6.0-512 is susceptible to a code injection vulnerability because it allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-44529.yamlPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2021-44529

登录查看更多情报信息。

Same Patch Batch · n/a · 2021-12-08 · 21 CVEs total

CVE-2021-447268.8 HIGHKnime Server 跨站脚本漏洞
CVE-2021-447257.5 HIGHKnime Server 路径遍历漏洞
CVE-2021-439787.1 HIGHAllegro Windows 安全漏洞
CVE-2021-421107.1 HIGHAllegro Windows 输入验证错误漏洞
CVE-2021-40861Genesys Intelligent Workload Distribution SQL注入漏洞
CVE-2021-3370DouCo DouPHP 跨站脚本漏洞
CVE-2020-22421迅易科技 74cms 跨站脚本漏洞
CVE-2018-25020Linux kernel 安全漏洞
CVE-2021-44556National Library Of The Netherlands / Research Digger 代码问题漏洞
CVE-2021-44557MultiNer代码问题漏洞
CVE-2021-42835PLEX Plex Media Server 访问控制错误漏洞
CVE-2021-40860Genesys Intelligent Workload Distribution SQL注入漏洞
CVE-2021-21957Dream Report ODS Remote Connector 安全漏洞
CVE-2021-41450Tp-link TP-Link AX10 环境问题漏洞
CVE-2021-41063Aanderaa GeoView SQL注入漏洞
CVE-2021-43399yubihsm-shell 缓冲区错误漏洞
CVE-2020-27416Maharashtra State Electricity Distribution Mahavitaran 代码问题漏洞
CVE-2021-4048Lapack 缓冲区错误漏洞
CVE-2021-21951Eufy Anker Eufy Homebase 缓冲区错误漏洞
CVE-2021-21950Eufy Anker Eufy Homebase 缓冲区错误漏洞

IV. Related Vulnerabilities

Same vendor: n/a
Same weakness: CWE-94

V. Comments for CVE-2021-44529

No comments yet

Leave a comment