Researcher Uncovers Critical Flaws In Multiple Versions Of Ivanti Endpoint Manager
Thumbnail
Summary: Ivanti has released security updates to address critical vulnerabilities in its Endpoint Manager (EPM), Avalanche, and Application Control Engine, including four critical flaws rated 9.8 on the CVSS scale that could lead to information disclosure. The vulnerabilities, discovered by security researcher Zach Hanley, allow remote unauthenticated attackers to leak sensitive information. Additionally, SAP has released patches for two critical vulnerabilities in its NetWeaver ABAP Server and ABAP Platform that could allow privilege escalation.

Threat Actor: Unknown | unknown
Victim: Ivanti and SAP | Ivanti and SAP

Keypoints :

  • Four critical vulnerabilities in EPM allow remote attackers to leak sensitive information.
  • Ivanti has patched vulnerabilities in Avalanche and Application Control Engine that could bypass authentication and leak data.
  • SAP has issued patches for critical vulnerabilities in its NetWeaver ABAP Server that enable privilege escalation.

Source: https://thehackernews.com/2025/01/researcher-uncovers-critical-flaws-in.html