Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability

March 21, 2024 at 12:48AM

Ivanti has disclosed a critical remote code execution flaw, CVE-2023-41724, in Standalone Sentry with a CVSS score of 9.6. All supported versions are affected, and patches are available for download. The company credited security experts and mentioned that no customers are known to be affected. Other security flaws in Ivanti software have been exploited by suspected China-linked cyber espionage clusters. SonarSource also revealed a mutation cross-site scripting (mXSS) flaw in Mailspring/Nylas Mail.

Key takeaways:
1. Ivanti has identified a critical remote code execution flaw, CVE-2023-41724, in Standalone Sentry, impacting versions 9.17.0, 9.18.0, and 9.19.0.
2. The company has released patches (versions 9.17.1, 9.18.1, and 9.19.1) to address the vulnerability.
3. The flaw is not known to have affected any customers without a valid TLS client certificate enrolled through EPMM.
4. Security research firm Mandiant has identified China-linked cyber espionage clusters exploiting security flaws in Ivanti software.
5. SonarSource has disclosed a mutation cross-site scripting (mXSS) flaw in an open-source email client called Mailspring (CVE-2023-47479), allowing for code execution when a user replies to or forwards a malicious email.
