Security News > 2023 > July > CISA warns govt agencies to patch Ivanti bug exploited in attacks
Ivanti has also confirmed that the bug is actively exploited in attacks and warned customers that it's critical to "Immediately take action" to ensure their systems are fully protected.
U.S. Federal Civilian Executive Branch Agencies have a three-week deadline, until August 15th, to secure their devices against attacks targeting the CVE-2023-35078 flaw, which was added to CISA's list of Known Exploited Vulnerabilities on Tuesday.
The U.S. cybersecurity agency also gave federal agencies three weeks to patch their Adobe ColdFusion servers against two critical security flaws exploited in attacks, one of them as a zero-day.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-25 | CVE-2023-35078 | Improper Authentication vulnerability in Ivanti Endpoint Manager Mobile. An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication. | 9.8 |