Ivanti Patches Critical Remote Code Execution Flaws in Endpoint Manager

May 23, 2024 at 05:39AM

Ivanti has released fixes for multiple critical security flaws in Endpoint Manager (EPM), including SQL injection vulnerabilities, as well as for high-severity flaws in other products. Additionally, a critical flaw in the open-source Genie federated Big Data orchestration and execution engine has been disclosed, posing a risk of remote code execution. The U.S. government has warned about continued attempts to exploit directory traversal defects in software. Honeywell’s Control Edge Unit Operations Controller is also affected by vulnerabilities that can lead to unauthenticated remote code execution.

Key takeaways:

– Ivanti rolled out fixes to address multiple critical security flaws in Endpoint Manager (EPM), including SQL injection flaws and high-severity vulnerabilities in other products like Avalanche, Neurons for ITSM, Connect Secure, and Secure Access client for Windows and Linux.
– There is no evidence of the flaws being exploited in the wild or that they were introduced maliciously via a supply chain attack.
– A critical flaw in the open-source version of the Genie federated Big Data orchestration and execution engine developed by Netflix could lead to remote code execution. This vulnerability impacts all versions of the software prior to 4.3.18.
– The U.S. government warned of continued attempts by threat actors to exploit directory traversal defects in software to breach targets, calling on developers to adopt a secure by design approach for eliminating such security holes.
– There are also vulnerabilities identified in Honeywell’s Control Edge Unit Operations Controller (UOC) that can result in unauthenticated remote code execution.
