February Security Advisory Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS) and Ivanti Secure Access Client (ISAC) (Multiple CVEs)
Summary Ivanti has released updates for Ivanti Connect Secure ICS, Ivanti Policy Secure IPS and Ivanti Secure Access Client ISAC which addresses medium, high and critical severity vulnerabilities. We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure...
March Security Advisory Ivanti Secure Access Client (ISAC) (CVE-2025-22454)
Summary Ivanti has released updates for Ivanti Secure Access Client ISAC which addresses one high severity vulnerability. Successful exploitation could lead to privilege escalation. We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure. Vulnerability...
Security Advisory March 2025 Ivanti Neurons for MDM (N-MDM)
Summary Ivanti has released updates for Ivanti Neurons for MDM N-MDM which addresses a medium severity vulnerability. We are not aware of any customers being exploited by this vulnerability at the time of disclosure. Vulnerability Details: Description| CVSS Score Severity| CVSS Vector| CWE...
N-MDM - Security Advisory Ivanti Neurons for MDM (N-MDM)
Summary Ivanti has released updates for Ivanti Neurons for MDM N-MDM which addresses a medium severity vulnerability. We are not aware of any customers being exploited by this vulnerability at the time of disclosure. Vulnerability Details: Description | CVSS Score Severity | CVSS Vector | CWE...
Security Advisory Ivanti Cloud Services Application (CSA) (CVE-2024-47908, CVE-2024-11771)
Summary Ivanti has released updates for Ivanti Cloud Services Application CSA which addresses critical and medium severity vulnerabilities. Successful exploitation of CVE-2024-47908 could allow a remote authenticated attacker to achieve remote code execution and CVE-2024-11771 could allow a remot...
Security Advisory Ivanti Avalanche 6.4.7 (Multiple CVEs)
Summary Ivanti has released updates for Ivanti Avalanche which addresses three high severity vulnerabilities. Successful exploitation of CVE-2024-13181 could allow a remote unauthenticated attacker to bypass authentication. CVE-2024-13180 could allow a remote unauthenticated attacker to leak...
Security Advisory Ivanti Connect Secure, Policy Secure & ZTA Gateways (CVE-2025-0282, CVE-2025-0283)
Update: 21 Jan 2025 Patch Now Available for IPS & ZTA Gateways Summary: Ivanti has released an update that addresses one critical and one high vulnerability in Ivanti Connect Secure, Policy Secure and ZTA Gateways. Successful exploitation of CVE-2025-0282 could lead to unauthenticated remote code...
Security Advisory April 2025 for Ivanti EPM 2024 and EPM 2022 SU6
Security Advisory Ivanti EPM 2022 SU6 and EPM 2024 Multiple CVEs Summary Ivanti has released updates for Ivanti Endpoint Manager which addresses medium and high vulnerabilities. We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure. Vulnerability...
May 2026 Security Advisory Ivanti Endpoint Manager Mobile (EPMM) (Multiple CVEs)
Summary Ivanti has released updates for Ivanti Endpoint Manager Mobile EPMM which addresses five high severity vulnerabilities. We are aware of a very limited number of customers exploited with CVE-2026-6973. Successful exploitation requires Admin authentication. If customers followed Ivanti’s...
August Security Advisory Ivanti Virtual Application Delivery Controller (vADC previously vTM) (CVE-2025-8310)
Summary Ivanti has released updates for Ivanti Virtual Application Delivery Controller vADC, previously Virtual Traffic Manager vTM, which addresses one medium severity vulnerability. Successful exploitation could lead to account takeover. We are not aware of any customers being exploited by this...
April Security Advisory Ivanti Connect Secure, Policy Secure & ZTA Gateways (CVE-2025-22457)
This advisory has been updated to make it clear the vulnerability was fully patched in Ivanti Connect Secure released February 11, 2025. Update April 23, 2025: This advisory has been updated to reflect changes to the Ivanti Policy Secure Versioning and the affected release date. Update May 14,...
May 2026 Security Advisory Ivanti Secure Access Client (CVE-2026-7431, CVE-2026-7432)
Update 22 May: CVE-2026-8992 has been added to Vulnerability Details Summary Ivanti has released updates for the Ivanti Secure Access Client which addresses one medium severity vulnerability and two High severity vulnerabilities. We are not aware of any customers being exploited by these...
Security Advisory Ivanti Endpoint Manager Mobile (EPMM) May 2025 (CVE-2025-4427 and CVE-2025-4428)
Ivanti has released updates for Endpoint Manager Mobile EPMM which addresses one medium and one high severity vulnerability. When chained together, successful exploitation could lead to unauthenticated remote code execution. We are aware of a very limited number of customers whose solution has be...
Security Advisory Ivanti DSM (CVE-2026-3483)
Security Advisory Ivanti DSM CVE-2026-3483 Summary Ivanti has released an update for Ivanti Desktop and Server Management DSM which addresses one high severity vulnerability. Successful exploitation could allow an attacker to elevate their local privileges. We are not aware of any customers being...
Security Advisory EPM February 2026 for EPM 2024
Update 18 Feb: Added FAQ on patching Agents. Summary Ivanti has released updates for Ivanti Endpoint Manager which addresses one high severity vulnerability and one medium severity vulnerability. Successful exploitation could allow a remote authenticated attacker to leak arbitrary data or...
Security Advisory Ivanti Endpoint Manager Mobile (EPMM) (CVE-2025-6770, CVE-2025-6771)
Security Advisory Ivanti Endpoint Manager Mobile EPMM CVE-2025-6770, CVE-2025-6771 Summary Ivanti has released updates for Ivanti Endpoint Manager Mobile which addresses two high severity vulnerabilities. We are not aware of any customers being exploited by these vulnerabilities at the time of...
SA40021 - GHOST glibc gethostbyname() buffer overflow (CVE-2015-0235)
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A buffer overflow vulnerability has been discovered in the glibc library. This issue is known as CVE-2015-0235 and is commonly referred to as "GHOST". The issue was found in the...
Security Advisory Ivanti Endpoint Manager (EPM) May 2026
Security Advisory Ivanti Endpoint Manager EPM CVE-2026-8109, CVE-2026-8110, CVE-2026-811 Summary Ivanti has released updates for Ivanti Endpoint Manager which addresses one Medium severity and two High severity vulnerabilities. Successful exploitation could lead to information disclosure, privile...
SA40005 - Details on fixes for OpenSSL Heartbleed issue (CVE-2014-0160)
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. This article provides detailed information related to the fixes for OpenSSL "Heartbleed" issue CVE-2014-0160 for PCS/PPS products. The following PCS versions are vulnerable to the...
SA40100 - [Pulse Secure] December 3rd 2015 OpenSSL Security Advisory
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On December 3rd, 2015 the OpenSSL project announced a group of new security advisories. These issues may affect Pulse Secure products. The OpenSSL advisory can be found at the followin...
Is Ivanti IPCM voice vulnerable to CVE-2021-44228 Java logging library (log4j)
Last Modified Date Dec 20, 2021 2:55:48 PM...
SA40002 - [Pulse Secure] June 11th 2015 OpenSSL Security Advisory
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On June 11th, 2015 the OpenSSL project announced a group of new security advisories. These issues may affect Pulse Secure products. The OpenSSL advisory can be found at the following...
CVE-2023-35082 – Remote Unauthenticated API Access Vulnerability
DESCRIPTION: Update: Since originally reporting CVE-2023-35082 on 2 August 2023 at 10:00 MDT, Ivanti has continued its investigation and has found that this vulnerability impacts all versions of Ivanti Endpoint Manager Mobile EPMM 11.10, 11.9 and 11.8 and MobileIron Core 11.7 and below. The risk ...
SA44101 - 2019-04: Out-of-Cycle Advisory: Multiple vulnerabilities resolved in Pulse Connect Secure / Pulse Policy Secure 9.0RX
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Multiple vulnerabilities were discovered and have been resolved in Pulse Connect Secure PCS and Pulse Policy Secure PPS. This includes an authentication by-pass vulnerability that can...
CVE-2026-49975 – HTTP/2 Denial of Service Vulnerability
Status: EPMM unaffected Summary: CVE-2026-49975 is a denial-of-service DoS vulnerability affecting HTTP/2 implementations in several web servers. The issue allows an unauthenticated attacker to exhaust server memory using specially crafted HTTP/2 requests. EPMM / Sentry rely on Apache Tomcat for...
August Security Advisory Ivanti Connect Secure, Policy Secure & ZTA Gateways (Multiple CVEs)
Summary Ivanti has released updates for Ivanti Connect Secure which addresses medium, high, and critical vulnerabilities. We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure. Vulnerability Details: CVE Number | Description | CVSS Score Severity |...
Security Advisory May 2025 Ivanti Neurons for MDM (N-MDM)
Update 5 August, 2025: Added additional information on security issue fixed in R114. Summary Ivanti has released updates for Ivanti Neurons for MDM N-MDM which addresses two medium severity vulnerabilities. Successful exploitation could allow a remote unauthenticated attacker to edit or delete...
SA44784 - 2021-04: Out-of-Cycle Advisory: Multiple Vulnerabilities Resolved in Pulse Connect Secure 9.1R11.4
Multiple vulnerabilities were discovered and have been resolved in Pulse Connect Secure PCS. This includes an authentication by-pass vulnerability that can allow an unauthenticated user to perform remote arbitrary file execution on the Pulse Connect Secure gateway. Many of these vulnerabilities...
Security Advisory Ivanti Cloud Services Application (CSA) (CVE-2024-11639, CVE-2024-11772, CVE-2024-11773)
Summary Ivanti has released updates for Ivanti Cloud Services Application which addresses medium, high and critical vulnerabilities. We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure. Vulnerability Details: CVE Number | Description | CVSS Score...
Security Advisory May 2024
Vulnerabilities have been discovered in the following Ivanti solutions and fixes are available now. Please review the knowledge base article for the associated solution for detailed information on how to remediate the weaknesses. Update October 1: Ivanti has confirmed exploitation of...
Security Advisory - Avalanche CVE-2023-38036
Last Modified Date Mar 8, 2024 4:49:43 PM...
Security Advisory - Ivanti Xtraction (CVE-2026-8043)
Summary Ivanti has released an update for Ivanti Xtraction which addresses one Critical severity vulnerability. Successful exploitation could lead to sensitive information disclosure and client-side attacks. We are not aware of any customers being exploited by this vulnerability at the time of...
Security Advisory Ivanti Workspace Control (CVE-2025-5353, CVE-2025-22463, CVE-2025-22455)
Summary Ivanti has released updates for Ivanti Workspace Control which address three high severity vulnerabilities. Successful exploitation could lead to credential compromise. We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure. Vulnerability...
Security Advisory EPM January 2025 for EPM 2024 and EPM 2022 SU6
Update Regarding Ivanti EPM Endpoint Manager Downloads As part of our ongoing efforts to enhance your experience and streamline our processes we have migrated the software downloads from the Ivanti Community to the Ivanti License System ILS. You will continue to use your current Ivanti Single...
SA44193 - 2019-06: Out-of-Cycle Advisory: Multiple Linux Kernel and FreeBSD vulnerabilities
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On June 17 2019, Netflix announced a group of new security advisories related to Linux Kernel and FreeBSD. These issues may affect Pulse Secure products. For a list of supported softwa...
Security Bulletin: CVE-2021-44228: MobileIron Remote code injection in Log4j
Affected Versions: MobileIron Core: below Core 11.5; MobileIron Sentry: Sentry 9.13 and 9.14 only; Core Connector: All Versions; Reporting Database RDB: All Versions. Please Note: Ivanti has tested the mitigation for the vulnerability on supported versions of the product. While it may be possible to...
May 2026 Security Advisory Ivanti Virtual Traffic Manager (vTM) (CVE-2026-8051)
Summary Ivanti has released updates for Ivanti Virtual Traffic Manager which addresses one High severity vulnerability. Successful exploitation could lead to admin authenticated remote code execution. We are not aware of any customers being exploited by this vulnerability at the time of disclosur...
July Security Advisory Ivanti Connect Secure and Ivanti Policy Secure (Multiple CVEs)
Ivanti has released updates for Ivanti Connect Secure ICS and Ivanti Policy Secure IPS, which address medium severity vulnerabilities. We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure. Vulnerability Details: CVE Number | Description | CVSS Score...
KB Possible Remote Exploit in ApacheMQ pertaining to OpenWire Module
Last Modified Date Mar 8, 2024 8:18:58 PM...
SA44516 - 2020-07: Security Bulletin: Multiple Vulnerabilities Resolved in Pulse Connect Secure / Pulse Policy Secure 9.1R8
Problem This advisory provides information about multiple vulnerabilities resolved in Pulse Connect Secure 9.1R8 and Pulse Policy Secure 9.1R8. Refer to KB43892 - What releases will Pulse Secure apply fixes to resolve security vulnerabilities? per our End of Engineering EOE and End of Life EOL...
SA44601 - 2020-10: Security Bulletin: Multiple Vulnerabilities Resolved in Pulse Connect Secure / Pulse Policy Secure / Pulse Secure Desktop Client 9.1R9
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. This advisory provides information about multiple vulnerabilities resolved in Pulse Connect Secure 9.1R9, Pulse Policy Secure 9.1R9 and Pulse Secure Desktop Client 9.1R9. Refer to KB438...
SA-2023-07-19-CVE-2023-35077
SECURITY ADVISORY 07-19-2023 Product Affected: Ivanti Endpoint Manager A vulnerability was recently discovered for Ivanti Antivirus Security Content version 7.94791 and all previous versions. Updating to Ivanti Antivirus Product version 7.9.1.285 will allow the Security Content version to update ...
JSA10648 - 2014-09 Out of Cycle Security Bulletin: Multiple Products: Shell Command Injection Vulnerability in Bash
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Bash or the Bourne again shell has vulnerabilities in the way it handles environment variables when it is invoked. Under some scenarios, network based remote attackers can inject shell...
SA40202 - [Pulse Secure] May 3rd 2016 OpenSSL Security Advisory
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On May 3rd, 2016 the OpenSSL project announced new security advisories. This OpenSSL advisory can be found at the following link: https://openssl.org/news/secadv/20160503.txt Pulse Secu...
SA40015 - OpenSSL security advisory for January 8th, 2015 (including SSL "FREAK" issue)
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On January 8th 2015, the OpenSSL project released a security advisory. This advisory included eight (8) new CVEs. This article will describe the vulnerability and fix status for the Puls...
SA40168 - [Pulse Secure] March 1st 2016 OpenSSL Security Advisory
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On March 1st 2016 the OpenSSL project announced new security advisories. These issues may affect Pulse Secure products. The OpenSSL advisory can be found at the following link:...
SA40312 - September 22 2016 OpenSSL Security Advisory
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On September 22, 2016 the OpenSSL project announced a group of new security advisories. These issues affect all supported versions of Pulse Secure products. For a list of supported...
SA44440 - April 21 2020 OpenSSL Security Advisory
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On April 21 2020, the OpenSSL project announced a new security advisory. These issues may affect Pulse Secure product. Refer to KB43892 - What releases will Pulse Secure apply fixes to...
SA45100 - CVE-2022-0778-OpenSSL-Vulnerability may lead to DoS attack
CVE-2022-0778 A vulnerability has been reported on the 15th of March 2022 under https://nvd.nist.gov/vuln/detail/CVE-2022-0778 Description - A flaw was found in OpenSSL. It is possible to trigger an infinite loop by crafting a certificate that has invalid explicit curve parameters. More details...
SA44858 - 9.1R12 Security Fixes
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Resolutions for Pulse Connect Secure CVEs Issue: As part of a rigorous code review that we have undertaken in close partnership with industry-leading third-party experts, we have...