Ivanti on Tuesday announced patches for several products, including fixes for critical vulnerabilities in Endpoint Manager (EPM). Six of the ten security defects resolved in EPM are critical-severity SQL injection bugs. Tracked as CVE-2024-29822 through CVE-2024-29827, the bugs impact the Core server of Ivanti EPM 2022 SU5 and carry a CVSS score of 9.
The vendor released hotfixes for EPM 2022 SU5 that also resolve four other SQL injection vulnerabilities in EPM 2022 SU5 and prior releases, which could likewise be exploited to execute arbitrary code from the network, without authentication. Ivanti also announced patches for a high-severity unrestricted file upload bug in the web component of Ivanti Avalanche.
Ivanti said, “It is highly recommended to download the Avalanche installer and update to the latest Avalanche 6.4.3.602. The installation will apply a fix for the single CVE but will also include previously released CVE fixes and security hardenings.”
In addition, patches have been shipped for five other high-severity vulnerabilities: an SQL injection (CVE-2024-22059) and an unrestricted file upload bug (CVE-2024-22060) in Neurons for ITSM, a CRLF injection flaw in Connect Secure (CVE-2023-38551), and two local privilege escalation issues in the Secure Access client for Windows (CVE-2023-38042) and Linux (CVE-2023-46810).
Ivanti said that there is no evidence of the flaws being exploited in the wild or that they were “introduced into our code development process maliciously” via a supply chain attack.