Security News > 2023 > July > CISA warns govt agencies to patch Ivanti bug exploited in attacks

Ivanti has also confirmed that the bug is actively exploited in attacks and warned customers that it's critical to "Immediately take action" to ensure their systems are fully protected.
U.S. Federal Civilian Executive Branch Agencies have a three-week deadline, until August 15th, to secure their devices against attacks targeting the CVE-2023-35078 flaw, which was added to CISA's list of Known Exploited Vulnerabilities on Tuesday.
The U.S. cybersecurity agency also gave federal agencies three weeks to patch their Adobe ColdFusion servers against two critical security flaws exploited in attacks, one of them as a zero-day.
Ivanti patches MobileIron zero-day bug exploited in attacks.
CISA warns govt agencies to patch Adobe ColdFusion servers.
CISA orders agencies to patch iPhone bugs abused in spyware attacks.
Related news
- CISA orders agencies to patch Linux kernel bug exploited in attacks (source)
- CISA tags critical Ivanti EPM flaws as actively exploited in attacks (source)
- CISA: Hackers still exploiting older Ivanti bugs to breach networks (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks (source)
- SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN (source)
- New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — Patch Now (source)
- CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks (source)
- CISA flags Craft CMS code injection flaw as exploited in attacks (source)
- CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-25 | CVE-2023-35078 | Improper Authentication vulnerability in Ivanti Endpoint Manager Mobile. An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication. | 9.8 |