Summary: Ivanti has released patches for multiple critical and high-severity vulnerabilities in its Avalanche, Application Control Engine, and Endpoint Manager (EPM) products, addressing serious security flaws that could be exploited by remote attackers. The most severe issues include absolute path traversal vulnerabilities in EPM, with a CVSS score of 9.8, and several high-severity flaws in Avalanche and Application Control Engine.
Threat Actor: Unknown | Ivanti
Victim: Organizations using Ivanti products | Ivanti
Key Point :
- Four critical absolute path traversal vulnerabilities in EPM could allow remote, unauthenticated attackers to leak sensitive information.
- Ivanti recommends immediate updates to mitigate risks associated with these vulnerabilities.
- New patches also address high-severity flaws that could lead to remote code execution, denial-of-service, and privilege escalation.
- There is currently no evidence of these vulnerabilities being exploited in the wild.
Source: https://www.securityweek.com/ivanti-patches-critical-vulnerabilities-in-endpoint-manager-2/