August 14, 2024 at 06:57AM
Ivanti announced patches for eight vulnerabilities in Neurons for ITSM, Avalanche, and Virtual Traffic Manager, including two critical-severity flaws. The patches address security defects, such as information disclosure and improper certificate validation, and are available for download. Ivanti recommends customers upgrade to the patched versions to mitigate potential risks.
Based on the meeting notes, here are the key takeaways:
– Ivanti has announced patches for eight vulnerabilities in Neurons for ITSM, Avalanche, and Virtual Traffic Manager, which include critical-severity flaws and high-severity issues.
– Two critical-severity issues were resolved in Neurons for ITSM, including an information disclosure bug (CVE-2024-7569) and an improper certificate validation flaw (CVE-2024-7570).
– Patches have been applied to Neurons for ITSM Cloud landscapes on August 4, addressing the vulnerabilities in versions 2023.2, 2023.3, and 2023.4.
– A critical-severity bug in Virtual Traffic Manager (vTM) (CVE-2024-7593) has been resolved with the release of vTM versions 22.2R1 and 22.7R2, with future patches planned for upcoming versions.
– Five high-severity vulnerabilities in Avalanche have been patched in version 6.4.4, including issues related to denial-of-service (DoS) attacks, arbitrary file reading, and remote code execution (RCE).
– Ivanti is not aware of any of these vulnerabilities being exploited in the wild, but a proof-of-concept (PoC) exploit is available for the critical vTM flaw.
– Customers are advised to refer to Ivanti’s August security advisory for additional details.
Let me know if you need any further information or assistance.