Security News > 2024 > January > Alert: Ivanti Releases Patch for Critical Vulnerability in Endpoint Manager Solution
2024-01-05 07:42
Ivanti has released security updates to address a critical flaw impacting its Endpoint Manager (EPM) solution that, if successfully exploited, could result in remote code execution (RCE) on susceptible servers. Tracked as CVE-2023-39336, the vulnerability has been rated 9.6 out of 10 on the CVSS scoring system. The shortcoming impacts EPM 2021 and EPM 2022 prior to SU5. “If exploited, an
News URL
https://thehackernews.com/2024/01/alert-ivanti-releases-patch-for.html
Related news
- Ivanti Patches Critical Remote Code Execution Flaws in Endpoint Manager (source)
- VMware fixes critical vCenter RCE vulnerability, patch now (source)
- GitLab Releases Patch for Critical CI/CD Pipeline Vulnerability and 13 Others (source)
- Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability (source)
- Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002) (source)
- Check Point warns customers to patch VPN vulnerability under active exploitation (source)
- Exploit for critical Progress Telerik auth bypass released, patch now (source)
- Exploit for critical Veeam auth bypass available, patch now (source)
- Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability (source)
- SolarWinds Serv-U Vulnerability Under Active Attack - Patch Immediately (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-09 | CVE-2023-39336 | SQL Injection vulnerability in Ivanti Endpoint Manager An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. | 8.8 |