CVE-2021-44529

Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) contains a code injection vulnerability that allows an unauthenticated user to execute malicious code with limited permissions (nobody). Vendor/Product: Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA). Added to CISA KEV 2024-03-25; required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.