Tuesday , February 4 2025
Ivanti

Ivanti Patches Critical RCE Flaws in Endpoint Manager

infosecbulletin Thursday , May 23 2024 International

Ivanti on Tuesday declare to patch for several products, including fixes for critical vulnerabilities in Endpoint Manager (EPM). Ivanti resolved six out of the ten security defects resolved in EPM are critical-severity SQL Injection bugs. Tracked as CVE-2024-29822 through CVE-2024-29827, the bugs impact the Core server of Ivanti EPM 2022 SU5 scoring CVSS score of 9.

The vendor released hot fixes for EPM 2022 SU5 which resolve four other SQL injection vulnerabilities in EPM 2022 SU5 and prior releases that could also be exploited to execute arbitrary code from the network, without authentication. Ivanti also announced patches for a high-severity unrestricted file upload bug in the web component of Ivanti Avalanche.

Daily Security Update Dated:4.02.2025

By infosecbulletin / Tuesday , February 4 2025
Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so...
Read More
Daily Security Update Dated:4.02.2025

768 Exploited CVEs in 2024, a 20% Increase from 639 in 2023

By infosecbulletin / Tuesday , February 4 2025
In 2024, 768 vulnerabilities with CVE identifiers were reported as exploited in the wild, a 20% increase from 639 in...
Read More
768 Exploited CVEs in 2024, a 20% Increase from 639 in 2023

.Gov Domains Weaponized in Phishing Surge

By infosecbulletin / Monday , February 3 2025
A recent report from Cofense Intelligence highlights a concerning trend: threat actors are increasingly misusing .gov top-level domains (TLDs) to...
Read More
.Gov Domains Weaponized in Phishing Surge

RedSentry presents
Hacked 101 Seminar Successfully Ended at UITS

By infosecbulletin / Sunday , February 2 2025
The cybersecurity seminar "RedSentry presents: Hacked 101," organized by RedSentry with the University of Information Technology and Sciences (UITS) as...
Read More
RedSentry presents Hacked 101 Seminar Successfully Ended at UITS

US scientists claim to replicate DeepSeek for $30 dubbed “TinyZero,”

By infosecbulletin / Sunday , February 2 2025
Researchers at the University of California, Berkeley, claims they’ve managed to reproduce the core technology behind DeepSeek’s at a total...
Read More
US scientists claim to replicate DeepSeek for $30 dubbed “TinyZero,”

ChatGPT, DeepSeek, Qwen 2.5-VL Vulnerable to AI Jailbreaks

By infosecbulletin / Sunday , February 2 2025
This week, multiple research teams showcased jailbreaks for popular AI models, including OpenAI's ChatGPT, DeepSeek, and Alibaba's Qwen. After its...
Read More
ChatGPT, DeepSeek, Qwen 2.5-VL Vulnerable to AI Jailbreaks

Paragon Attack WhatsApp With New Zero-Click Spyware

By infosecbulletin / Sunday , February 2 2025
WhatsApp reveiled on Friday that a "zero-click" spyware attack, linked to the Israeli company Paragon, has targeted many users globally,...
Read More
Paragon Attack WhatsApp With New Zero-Click Spyware

Everything I Say Leaks,’ Zuckerberg Says in Leaked Meeting Audio

By infosecbulletin / Saturday , February 1 2025
At an all-hands meeting at Meta on Thursday, Mark Zuckerberg did not mention the company's $25 million settlement with Donald...
Read More
Everything I Say Leaks,’ Zuckerberg Says in Leaked Meeting Audio

Indian tech giant Tata Tech hit by ransomware attack

By infosecbulletin / Saturday , February 1 2025
Tata Technologies reported a ransomware incident affecting some IT services, but it did not disrupt client deliveries, according to a...
Read More
Indian tech giant Tata Tech hit by ransomware attack

Vulnarabilitties found in Cisco webex and VMware Aria operation

By infosecbulletin / Friday , January 31 2025
A serious cybersecurity flaw in Cisco Webex Chat has been discovered, allowing unauthorized attackers to access the chat histories of...
Read More
Vulnarabilitties found in Cisco webex and VMware Aria operation

Ivanti said, “It is highly recommended to download the Avalanche installer and update to the latest Avalanche 6.4.3.602. The installation will apply a fix for the single CVE but will also include previously released CVE fixes and security hardenings,”.

Patches were rolled out for five other high-severity vulnerabilities as well: an SQL injection and an unrestricted file upload bug in Neurons for ITSM, a CRLF injection flaw in Connect Secure, and two local privilege escalation issues in the Secure Access client for Windows.

In addition, patches have been shipped for five other high-severity vulnerabilities: an SQL injection (CVE-2024-22059) and an unrestricted file upload bug (CVE-2024-22060) in Neurons for ITSM, a CRLF injection flaw in Connect Secure (CVE-2023-38551), and two local privilege escalation issues in the Secure Access client for Windows (CVE-2023-38042) and Linux (CVE-2023-46810).

Ivanti said that there is no evidence of the flaws being exploited in the wild or that they were “introduced into our code development process maliciously” via a supply chain attack.

Check Also

Malware Trends Review 2024: Ever Recorded Cyber Threats

Last year saw a significant rise in cyber threats, with malware becoming more advanced and …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin