Ivanti Patches Critical Code Execution Vulnerabilities in Endpoint Manager

May 22, 2024 at 07:42AM

IT software company Ivanti released patches for several products, including fixes for critical vulnerabilities in Endpoint Manager (EPM). The fixes addressed SQL injection bugs and unrestricted file upload issues. Ivanti urged customers to update to the latest versions to apply the fixes. The company also reaffirmed its commitment to enhancing security practices.

From the meeting notes, the key takeaways are as follows:

– Ivanti has announced patches for several products, including fixes for critical vulnerabilities in Endpoint Manager (EPM).
– Six of the ten security defects resolved in EPM are critical-severity SQL injection bugs with a CVSS score of 9.6, impacting the Core server of Ivanti EPM 2022 SU5 and previous releases.
– Hot fixes have been released for EPM 2022 SU5, addressing SQL injection vulnerabilities and providing detailed update instructions.
– Patches for the bugs will also be included in a future version of EPM.
– Ivanti has also announced patches for a high-severity unrestricted file upload bug in Ivanti Avalanche, with recommendations to update to the latest version.
– Patches were rolled out for five other high-severity vulnerabilities.
– Ivanti reiterated its commitment to improving its security and vulnerability management practices to better protect against future threats.
– There is no evidence of the vulnerabilities being exploited in attacks, and no other products are affected by them.

These takeaways summarize the main points discussed in the meeting notes regarding Ivanti’s recent security patches and commitment to improving security measures.
