Security News > 2025 > January > Researcher Uncovers Critical Flaws in Multiple Versions of Ivanti Endpoint Manager

2025-01-16 06:39
Ivanti has rolled out security updates to address several security flaws impacting Avalanche, Application Control Engine, and Endpoint Manager (EPM), including four critical bugs that could lead to information disclosure. All the four critical security flaws, rated 9.8 out of 10.0 on the CVSS scale, are rooted in EPM, and concern absolute path traversal flaws that allow a remote unauthenticated
News URL
https://thehackernews.com/2025/01/researcher-uncovers-critical-flaws-in.html
Related news
- Ivanti endpoint manager can become endpoint ravager, thanks to quartet of critical flaws (source)
- Ivanti Patches Critical Flaws in Connect Secure and Policy Secure – Update Now (source)
- Ivanti fixes three critical flaws in Connect Secure & Policy Secure (source)
- PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159) (source)
- Week in review: Botnet hits M365 accounts, PoC for Ivanti Endpoint Manager vulnerabilities released (source)
- CISA tags critical Ivanti EPM flaws as actively exploited in attacks (source)
- Researchers Uncover 46 Critical Flaws in Solar Power Systems From Sungrow, Growatt, and SMA (source)
- OpenAI now pays researchers $100,000 for critical vulnerabilities (source)