Security News > 2024 > December > Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities
2024-12-11 02:59
Ivanti has released security updates to address multiple critical flaws in its Cloud Services Application (CSA) and Connect Secure products that could lead to privilege escalation and code execution. The list of vulnerabilities is as follows - CVE-2024-11639 (CVSS score: 10.0) - An authentication bypass vulnerability in the admin web console of Ivanti CSA before 5.0.3 that allows a remote
News URL
https://thehackernews.com/2024/12/ivanti-issues-critical-security-updates.html
Related news
- Critical SimpleHelp vulnerabilities fixed, update your server instances! (source)
- Wireshark 4.4.2: Security updates, bug fixes, updated protocol support (source)
- Update your OpenWrt router! Security issue made supply chain attack possible (source)
- Three more vulns spotted in Ivanti CSA, all critical, one 10/10 (source)
- Critical security hole in Apache Struts under exploit (source)
- CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List (source)
- Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation (source)
- Windows 11 installation media bug causes security update failures (source)
- Windows 11 Media Update Bug Stops Security Updates (source)
- Critical Deadline: Update Old .NET Domains Before January 7, 2025 to Avoid Service Disruption (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-10 | CVE-2024-11639 | Missing Authentication for Critical Function vulnerability in Ivanti Cloud Services Appliance 4.5/4.6/5.0 An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access | 9.8 |