Security News > 2024 > January > Alert: Ivanti Releases Patch for Critical Vulnerability in Endpoint Manager Solution
2024-01-05 07:42
Ivanti has released security updates to address a critical flaw impacting its Endpoint Manager (EPM) solution that, if successfully exploited, could result in remote code execution (RCE) on susceptible servers. Tracked as CVE-2023-39336, the vulnerability has been rated 9.6 out of 10 on the CVSS scoring system. The shortcoming impacts EPM 2021 and EPM 2022 prior to SU5. “If exploited, an
News URL
https://thehackernews.com/2024/01/alert-ivanti-releases-patch-for.html
Related news
- Researcher Uncovers Critical Flaws in Multiple Versions of Ivanti Endpoint Manager (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- Ivanti endpoint manager can become endpoint ravager, thanks to quartet of critical flaws (source)
- Zero-Day Vulnerability in Ivanti VPN (source)
- Week in review: Exploited Ivanti Connect Secure zero-day, Patch Tuesday forecast (source)
- SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation (source)
- Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw (source)
- Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management (source)
- Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score (source)
- Netgear warns users to patch critical WiFi router vulnerabilities (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-09 | CVE-2023-39336 | SQL Injection vulnerability in Ivanti Endpoint Manager An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. | 8.8 |