Security News > 2024 > December > Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities
2024-12-11 02:59
Ivanti has released security updates to address multiple critical flaws in its Cloud Services Application (CSA) and Connect Secure products that could lead to privilege escalation and code execution. The list of vulnerabilities is as follows - CVE-2024-11639 (CVSS score: 10.0) - An authentication bypass vulnerability in the admin web console of Ivanti CSA before 5.0.3 that allows a remote
News URL
https://thehackernews.com/2024/12/ivanti-issues-critical-security-updates.html
Related news
- Zimbra Releases Security Updates for SQL Injection, Stored XSS, and SSRF Vulnerabilities (source)
- Ivanti Patches Critical Flaws in Connect Secure and Policy Secure – Update Now (source)
- Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities (source)
- Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc (source)
- Microsoft shares workaround for Windows security update issues (source)
- Don't Overlook These 6 Critical Okta Security Configurations (source)
- Ivanti fixes three critical flaws in Connect Secure & Policy Secure (source)
- Ivanti endpoint manager can become endpoint ravager, thanks to quartet of critical flaws (source)
- PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159) (source)
- Qualcomm pledges 8 years of security updates for Android kit using its chips (YMMV) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-10 | CVE-2024-11639 | Missing Authentication for Critical Function vulnerability in Ivanti Cloud Services Appliance 4.5/4.6/5.0 An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access | 9.8 |