Security News > 2024 > September > Ivanti Releases Urgent Security Updates for Endpoint Manager Vulnerabilities
2024-09-11 06:30
Ivanti has released software updates to address multiple security flaws impacting Endpoint Manager (EPM), including 10 critical vulnerabilities that could result in remote code execution. A brief description of the issues is as follows - CVE-2024-29847 (CVSS score: 10.0) - A deserialization of untrusted data vulnerability that allows a remote unauthenticated attacker to achieve code execution.
News URL
https://thehackernews.com/2024/09/ivanti-releases-urgent-security-updates.html
Related news
- Zimbra Releases Security Updates for SQL Injection, Stored XSS, and SSRF Vulnerabilities (source)
- PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159) (source)
- Week in review: Botnet hits M365 accounts, PoC for Ivanti Endpoint Manager vulnerabilities released (source)
- Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities (source)
- Microsoft shares workaround for Windows security update issues (source)
- Ivanti Patches Critical Flaws in Connect Secure and Policy Secure – Update Now (source)
- Ivanti endpoint manager can become endpoint ravager, thanks to quartet of critical flaws (source)
- Qualcomm pledges 8 years of security updates for Android kit using its chips (YMMV) (source)
- CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List (source)
- Update Your iPhone Now to Fix Safari Security Flaw (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-12 | CVE-2024-29847 | Deserialization of Untrusted Data vulnerability in Ivanti Endpoint Manager Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. | 9.8 |