October 2, 2024 at 02:58PM CISA warned of an actively exploited critical Ivanti vulnerability, allowing remote code execution on vulnerable EPM appliances. Tracked as CVE-2024-29824, the SQL Injection flaw affects unpatched systems. Ivanti released security updates in May but confirmed ongoing exploitation. Federal agencies are required to patch within three weeks. Prioritize patching to block … Read more
September 11, 2024 at 06:57AM Ivanti announced security updates for Endpoint Manager, Cloud Service Appliance, and Workspace Control, addressing multiple high-severity vulnerabilities. Patches for Endpoint Manager resolve 16 flaws, including CVE-2024-29847, a critical-severity bug allowing remote code execution. Cloud Service Appliance patch resolves an OS command injection flaw. Workspace Control patches address six high-severity vulnerabilities. … Read more
July 18, 2024 at 07:45AM Ivanti released patches for high-severity vulnerabilities in Endpoint Manager and Endpoint Manager for Mobile, including hotfix for an SQL injection flaw. Also, patches for four vulnerabilities impacting all versions of Endpoint Manager for Mobile were released. Additionally, patches for a medium-severity path traversal-affiliated vulnerability in Ivanti Docs@Work for Android were … Read more
May 22, 2024 at 07:42AM IT software company Ivanti released patches for several products, including critical vulnerabilities in Endpoint Manager (EPM). The fixes addressed SQL injection bugs and unrestricted file upload issues. Ivanti urged customers to update to the latest versions to apply the fixes. The company also reaffirmed its commitment to enhancing security practices. … Read more
January 5, 2024 at 07:18AM Ivanti warned of a critical vulnerability in its Endpoint Manager product, CVE-2023-39336, allowing remote code execution and potential device takeover. The issue affects EPM 2022 Service Update 4 and all prior versions, with a fix available in EPM 2022 Service Update 5. Ivanti restricts details to customers, suggesting proactive patching … Read more
January 5, 2024 at 03:27AM Ivanti has issued security updates for a critical flaw in its Endpoint Manager solution, posing a remote code execution risk. The vulnerability, rated 9.6 on the CVSS scale, affects EPM 2021 and 2022 prior to SU5. Ivanti also addressed multiple security flaws in its Avalanche enterprise mobile device management solution, … Read more