Security News > 2024 > December > Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities
2024-12-11 02:59
Ivanti has released security updates to address multiple critical flaws in its Cloud Services Application (CSA) and Connect Secure products that could lead to privilege escalation and code execution. The list of vulnerabilities is as follows - CVE-2024-11639 (CVSS score: 10.0) - An authentication bypass vulnerability in the admin web console of Ivanti CSA before 5.0.3 that allows a remote
News URL
https://thehackernews.com/2024/12/ivanti-issues-critical-security-updates.html
Related news
- Critical SimpleHelp vulnerabilities fixed, update your server instances! (source)
- Zimbra Releases Security Updates for SQL Injection, Stored XSS, and SSRF Vulnerabilities (source)
- Ivanti Patches Critical Flaws in Connect Secure and Policy Secure – Update Now (source)
- Windows 11 Media Update Bug Stops Security Updates (source)
- Critical Deadline: Update Old .NET Domains Before January 7, 2025 to Avoid Service Disruption (source)
- The ongoing evolution of the CIS Critical Security Controls (source)
- 3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update (source)
- Patch Tuesday: January 2025 Security Update Patches Exploited Elevation of Privilege Attacks (source)
- SAP fixes critical vulnerabilities in NetWeaver application servers (source)
- Critical vulnerabilities remain unresolved due to prioritization gaps (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-10 | CVE-2024-11639 | Missing Authentication for Critical Function vulnerability in Ivanti Cloud Services Appliance 4.5/4.6/5.0 An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access | 9.8 |