Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerabilities in Ivanti Endpoint Manager
Alerts

Critical Vulnerabilities in Ivanti Endpoint Manager

24 May 2024

Ivanti has released security updates to address critical vulnerabilities (CVE-2024-29822, CVE-2024-29823, CVE-2024-29824, CVE-2024-29825, CVE-2024-29826, and CVE-2024-29827) in Ivanti Endpoint Manager (EPM). These vulnerabilities have a Common Vulnerability Scoring System (CVSSv3.1) score of 9.6 out of 10.

Successful exploitation of these SQL injection vulnerabilities could allow an unauthenticated attacker within the same network to execute arbitrary code. This could result in high impact on confidentiality, integrity, and availability of the affected system.

These vulnerabilities affect Ivanti EPM versions 2022 SU5 and earlier.

Users and administrators of affected product versions are advised to update to the latest version immediately.

More information is available here:

https://forums.ivanti.com/s/article/Security-Advisory-May-2024?language=en_US

Back to top