286 matches found
Security Advisory EPM January 2025 for EPM 2024 and EPM 2022 SU6
Update Regarding Ivanti EPM Endpoint Manager Downloads As part of our ongoing efforts to enhance your experience and streamline our processes we have migrated the software downloads from the Ivanti Community to the Ivanti License System ILS. You will continue to use your current Ivanti Single...
N-MDM -- Impact of CVE-2024-4603 on N-MDM and N-MDM connector
Issue Summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...
SA40886 - ssl3_read_bytes Function Denial of Service Vulnerability (CVE-2016-8610)
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A denial of service flaw due to improperly handling of warning packets during a TLS/SSL connection handshake. A remote attacker could use this flaw to consume an excessive amount of CPU...
JSA10544 - 2012-11 Security Bulletin: Steel-Belted Radius: Multiple OpenSSL Vulnerabilities
Problem OpenSSL software distributed with Steel-Belted Radius is vulnerable to CVE-2011-4619, and CVE-2011-4576. These may allow decrypting encrypted information or cause a denial of service condition for the Steel-Belted Radius server. CVE-2011-4576 The SSL 3.0 implementation in OpenSSL before...
JSA10591 - 2013-09 Security Bulletin: Pulse Connect Secure and Pulse Policy Secure: Multiple OpenSSL vulnerabilities
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Multiple OpenSSL vulnerabilities have been found in the PCS and PPS devices. CVE| Issue| CVE Description| CVSS Score ---|---|---|--- CVE-2012-2131| OpenSSL buffer overflow issue| Multip...
SA40018 - System vulnerability issue in terms of CVE-2011-3188
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. This article describes the issue of System vulnerability, which is related to CVE-2011-3188. Customer used security audit tools to verify if PCS is vulnerable and it reported the...
SA44019 - February 26 2019 OpenSSL Security Advisory
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On February 26 2019, the OpenSSL project announced a group of new security advisories. These issues may affect Pulse Secure products. Refer to KB43892 - What releases will Pulse Secure...
SA-2023-07-19-CVE-2023-35077
SECURITY ADVISORY 07-19-2023 Product Affected: Ivanti Endpoint Manager A vulnerability was recently discovered for Ivanti Antivirus Security Content version 7.94791 and all previous versions. Updating to Ivanti Antivirus Product version 7.9.1.285 will allow the Security Content version to update ...
JSA10569 - 2013-05 Security Bulletin: Steel Belted Radius: OpenSSL vulnerability CVE-2012-2110
Problem OpenSSL software provided with Steel-Belted Radius SBR Enterprise is vulnerable to CVE-2012-2110. This may allow code execution type of attacks using crafted certificates. Related Links Acknowledgements Risk Level High Risk Assessment Workaround There are no known workarounds that can...
SA40003 - [Pulse Secure] July 9th 2015 OpenSSL Security Advisory (CVE-2015-1793)
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On July 9th, 2015 the OpenSSL project announced a new high severity security advisory Alternative chains certificate forgery CVE-2015-1793. This issue does not affect Pulse Secure...
JSA10396 - Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) - OpenSSL - Incorrect checks for malformed signatures on DSA and ECDSA keys used with SSL/TLS on backend servers. CVE-2008-5077.
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Several functions inside OpenSSL incorrectly checked the result after calling the EVPVerifyFinal function, allowing a malformed signature to be treated as a good signature rather than ...
SA40001 - [Pulse Secure] OpenSSL security advisory for March 19th, 2015
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On March 19th the OpenSSL project released a new security advisory. This advisory can be viewed here: http://openssl.org/news/secadv20150319.txt All products are not vulnerable to the...
SA40161 - [Pulse Secure] glibc getaddrinfo stack-based buffer overflow (CVE-2015-7547)
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A buffer overflow issue was found in the glibc library. This issue was originally publicized via this post:...
SA43730 - 2018-04 Security Bulletin: Multiple vulnerabilities resolved in Pulse Connect Secure / Pulse Policy Secure 9.0R1 and vTM 18.1
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. This advisory provides information about multiple vulnerabilities resolved in Pulse Connect Secure 9.0R1, Pulse Policy Secure 9.0R1 and Virtual Traffic Manager 18.1 releases. Refer to...
SA45470 - OpenSSL Security Advisory CVE-2021-4154
Last Modified Date Apr 21, 2025 9:02:45 AM...
CVE-2022-0185
Affected Version| - None of MobileIron Core - None of MobileIron Sentry - None of MobileIron Connector ---|--- Question: Are Mobileiron Products vulnerable to CVE-2022-0185 MobileIron server products are not affected. This issue affects the Linux kernel packages as shipped with Red Hat...
Security Advisory Ivanti Endpoint Manager Mobile (EPMM) (CVE-2026-10727)
Update 11 June: FAQ Updated Summary Ivanti has released updates for Ivanti Endpoint Manager Mobile EPMM which addresses one high severity vulnerability. We are not aware of any customers being exploited by this vulnerability at the time of disclosure. Vulnerability Details CVE Number | Descriptio...
Security Advisory July 2025 for Ivanti EPM 2024 SU2 and EPM 2022 SU8
Security Advisory Ivanti EPM 2022 SU8 and EPM 2024 SU2 Multiple CVEs Summary Ivanti has released updates for Ivanti Endpoint Manager EPM which addresses three high severity vulnerabilities. The Security vulnerability affects the Core, Remote Consoles and Windows agents. We are not aware of any...
Security Advisory Ivanti CSA (Cloud Services Application) (CVE-2024-9379, CVE-2024-9380, CVE-2024-9381)
Summary Ivanti has released updates for Ivanti CSA Cloud Services Application which addresses a medium severity and two high severity vulnerabilities. Successful exploitation could lead to an attacker with admin privileges to bypass restrictions, run arbitrary SQL statements or obtain remote code...
Security Advisory Ivanti Avalanche 6.4.4 (CVE-2024-38652, CVE-2024-38653, CVE-2024-36136, CVE-2024-37399, CVE-2024-37373)
Ivanti has released updates for Ivanti Avalanche, in version 6.4.4, which addresses high severity vulnerabilities. We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure. Vulnerability Details: CVE Number | Description | CVSS Score Severity | CVSS...
KB Security Advisory EPM May 2024
Last Modified Date Apr 21, 2025 4:11:34 PM...
SA40140 - Pulse Secure response to CVE-2016-0777 and CVE-2016-0778
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. OpenSSH has announced two security issues: CVE-2016-0777 and CVE-2016-0778 CVE-2016-0777 CVE-2016-0778 Pulse Secure products are not vulnerable to CVE-2016-0777 and CVE-2016-0778. Our...
SA44858 - 9.1R12 Security Fixes
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Resolutions for Pulse Connect Secure CVEs Issue: As part of a rigorous code review that we have undertaken in close partnership with industry-leading third-party experts, we have...
Impact of CVE-2023-22809 on EPMM, Sentry and Connector
Last Modified Date Mar 8, 2024 8:33:11 PM...
SA40196 - [Pulse Secure] Badlock security advisory (CVE-2016-2118)
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. The Samba team has released 8 new security advisories. The issue known as "Badlock" was included in this new group of issues. CVE-2016-2118 SAMR and LSA man in the middle attacks possib...
Security Advisory Ivanti Sentry (CVE-2026-10520, CVE-2026-10523)
Last Modified Date Jun 16, 2026 12:48:48 AM...
Avalanche 6.4.2 Security Hardening and CVEs addressed
Avalanche 6.4.2 has addressed some new security hardening in our 2023 Quarter 4 release. To address the security vulnerabilities listed below, it is highly recommended to download the Avalanche installer and udpate to the latest Avalanche 6.4.2. The installation will apply a fix for each CVE list...
CVE-2023-38041 New client side release to address a privilege escalation on Windows user machines
Summary A vulnerability exists on all versions of the Ivanti Secure Access Client Below 22.6R1 that would allow an unprivileged local user to gain unauthorized elevated privileges on the affected system. Mitigation Currently None Resoluiton To resolve the below mentioned vulnerability upgrade you...
SA43903 - Response to SegmentSmack (CVE-2018-5390) and FragmentSmack (CVE-2018-5391)
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. SegmentSmack CVE-2018-5390 and FragmentSmack CVE-2018-5391 are described as a TCP implementation denial of service vulnerability. A remote attacker can send crafted sequences of TCP/IP...
Security Advisory Ivanti Sentry (CVE-2024-8540)
Security Advisory Ivanti Sentry CVE-2024-8540 Summary Ivanti has released updates for Ivanti Sentry which addresses one high severity vulnerability. We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure. Vulnerability Details: CVE Number | Descriptio...
Security fixes included in the latest Ivanti Secure Access Client Release
Description Resolutions for Pulse Desktop Client and the Ivanti Secure Access Client Issues: As part of Ivanti’s commitment to continuous security hardening the following vulnerabilities have been discovered and resolved. To our knowledge, none of the CVEs identified in this review have been...
SA45476 - Client Side Desync Attack (Informational)
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Portswigger has provided a responsible disclosure of a vulnerability that affects the Pulse Collaboration feature. Their write up can be found here:...
SAML 2.0 SP signature validation behaviour from ICS 25.1.3.0
Last Modified Date Jul 3, 2026 11:45:26 AM...
Security Advisory - Ivanti Security Controls (ISeC) (CVE-2024-10251)
Security Advisory Ivanti Security Controls iSec CVE-2024-10251 Summary Ivanti has released an update for the Ivanti Security Controls console which addresses one high severity vulnerability. Successful exploitation could lead to local privilege escalation. We are not aware of any customers being...
Security Advisory Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), Ivanti Secure Access Client (ISAC) (Multiple CVEs)
Summary Ivanti has released updates for Ivanti Connect Secure ICS,Ivanti Policy Secure IPS and Ivanti Secure Access Client ISAC which addresses medium, high and critical vulnerabilities. We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure...
Security Advisory Ivanti Avalanche (Multiple CVEs) - Q4 2024 Release
Summary Ivanti has released updates for Ivanti Avalanche which addresses five high severity vulnerabilities. Successful exploitation could lead to denial of service to legitimate users or leaking of sensitive information. We are not aware of any customers being exploited by these vulnerabilities ...
Impact Of CVE-2025-55752 And CVE-2025-55754 On EPMM, Sentry, Connector
Last Modified Date Oct 31, 2025 3:15:00 PM...
Security Advisory Ivanti Endpoint Manager Mobile (EPMM) (CVE-2024-7612)
Summary: Ivanti has released updates for Ivanti EPMM which addresses a high severity vulnerability. Successful exploitation could lead to an authenticated attacker accessing or modifying configuration files. We are not aware of any customers being exploited by these vulnerabilities at the time of...
Security Advisory: Ivanti Neurons for ITSM (CVE-2024-7569, CVE-2024-7570)
Ivanti has released updates for Ivanti Neurons for ITSM which addresses a critical severity vulnerability and a high severity vulnerability. Please note: the patch has been applied to all Ivanti Neurons for ITSM Cloud landscapes as of August 4. No further action is needed for cloud customers, we...
Security Advisory CVE-2024-37403 (Dirty Stream) for Ivanti Docs@Work for Android
Last Modified Date Jul 17, 2024 2:20:01 PM...
Security patch release - Ivanti Connect Secure 22.6R2 and 22.6R2.1
Resolutions for Ivanti Connect Secure Security Issues: As part of Ivanti's commitment to continuous security hardening, Ivanti has released a security update for Ivanti Connect Secure. This update resolves important vulnerabilities. To our knowledge, none of the CVEs identified in this review hav...
Security Advisory Ivanti Neurons for ITSM (CVE-2026-9614)
Ivanti has released updates for Ivanti Neurons for ITSM which addresses one high severity vulnerability. Successful exploitation could lead to authenticated privilege escalation to an administrator. We are not aware of any customers being exploited by this vulnerability at the time of disclosure...
Impact Of CVE-2025-32462, CVE-2025-32463 On Ivanti EPMM and Sentry
Last Modified Date Oct 16, 2025 7:23:33 PM...
Security Advisory Ivanti Cloud Services Application (CVE-2025-22460)
Summary: Ivanti has released updates for Ivanti Cloud Services Application which addresses one high severity vulnerability. Successful exploitation could lead to local privilege escalation. We are not aware of any customers being exploited by this vulnerability at the time of disclosure...
Security Advisory Velocity License Server (CVE-2024-9167)
Summary Ivanti has released updates for the Velocity License Server which addresses a high-severity vulnerability. Successful exploitation could lead to local privilege escalation. We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure. Vulnerability...
Security Advisory Ivanti Workspace Control (IWC)
Summary Ivanti has released a version of a new product architecture for Ivanti Workspace Control IWC which addresses high and critical vulnerabilities. Successful exploitation could lead to an escalation of privileges and lateral movement. IWC is intended to be a non-internet facing product, and...
Security Advisory Ivanti Cloud Service Appliance (CSA) (CVE-2024-8190)
Summary Ivanti has released a security update for Ivanti CSA 4.6 which addresses a high severity vulnerability. Successful exploitation could lead to unauthorized access to the device running the CSA. Dual-homed CSA configurations with eth0 as an internal network, as recommended by Ivanti, are at...
Security Advisory EPM September 2024 for EPM 2024 and EPM 2022
Update Regarding Ivanti EPM Endpoint Manager Downloads As part of our ongoing efforts to enhance your experience and streamline our processes we have migrated the software downloads from the Ivanti Community to the Ivanti License System ILS. You will continue to use your current Ivanti Single...
Avalanche 6.4.3.602 - additional security hardening and CVE fixed
Last Modified Date Aug 16, 2024 6:00:39 PM...
SA:CVE-2024-21894 (Heap Overflow), CVE-2024-22052 (Null Pointer Dereference), CVE-2024-22053 (Heap Overflow), CVE-2024-22023 (XML entity expansion or XXE) and CVE-2024-29205 for Ivanti Connect Secure and Ivanti Policy Secure Gateways
Vulnerabilities have been discovered in Ivanti Connect Secure ICS, formerly known as Pulse Connect Secure and Ivanti Policy Secure gateways and a patch is available now. These vulnerabilities impact all supported versions – Version 9.x and 22.x refer to Granular Software Release EOL Timelines and...