
Horizon3.ai researchers have discovered critical vulnerabilities in Ivanti Endpoint Manager that could allow attackers to gain access to sensitive information. The company has already released a security update to address these issues.
Ivanti has released security updates to address four critical vulnerabilities in its endpoint management (EPM) system. Ivanti has released a security update that addresses four critical endpoint management (EPM) vulnerabilities. These vulnerabilities, which received a score of 9.8 on the CVSS scale, allowed attackers to exploit access routes to sensitive information. These vulnerabilities are:
These vulnerabilities affect versions of EPM prior to the January 2025 security update. The company urges users to install the update immediately to avoid possible attacks. The update also covers the Avalanche and Application Control Engine products, which were found to contain vulnerabilities that could bypass authentication and access protected data. Ivanti reports that there is no evidence that these vulnerabilities have actually been exploited. Ivanti reports that there is no evidence that these vulnerabilities have been exploited.
The vulnerabilities were discovered by Zach Henley, a cybersecurity expert at Horizon3.ai. Other companies have had similar problems in the past: for example, SAP released an update to address a critical vulnerability in its software that allowed attackers to elevate access privileges and obtain sensitive data; Ivanti has improved its testing processes and taken steps to eliminate similar incidents in the future. The company says it has taken steps to strengthen its testing processes and respond quickly to similar incidents in the future.
Ivanti responded quickly to the identified vulnerabilities by releasing updates to address critical security issues. The company recommends that all users install updates in a timely manner to prevent potential threats.