Security Advisory - Ivanti Security Controls (ISeC) (CVE-2024-10251)

Security Advisory Ivanti Security Controls iSec CVE-2024-10251 Summary Ivanti has released an update for the Ivanti Security Controls console which addresses one high severity vulnerability. Successful exploitation could lead to local privilege escalation. We are not aware of any customers being...

Security Advisory Ivanti Desktop and Server Management (DSM) (CVE-2024-7572)

Summary Ivanti has released updates for Ivanti Desktop and Server Management which addresses one high severity vulnerability. Successful exploitation could lead to local arbitrary file deletion. We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure...

Security Advisory Ivanti Sentry (CVE-2024-8540)

Security Advisory Ivanti Sentry CVE-2024-8540 Summary Ivanti has released updates for Ivanti Sentry which addresses one high severity vulnerability. We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure. Vulnerability Details: CVE Number | Descriptio...

December 2024 Security Advisory Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) (Multiple CVEs)

Ivanti has released updates for Ivanti Connect Secure and Ivanti Policy Secure which addresses high and critical severity vulnerabilities. We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure. Vulnerability Details: Important: Unless the CVE...

Security Advisory Ivanti Patch SDK (CVE-2024-10256)

Summary Ivanti has released updates for Ivanti Patch SDK which addresses a high severity vulnerability. Successful exploitation could lead to local arbitrary file deletion. We are not aware of any customers being exploited by this vulnerability at the time of disclosure. NOTE: This article has be...

Security Advisory Ivanti Cloud Services Application (CSA) (CVE-2024-11639, CVE-2024-11772, CVE-2024-11773)

Summary Ivanti has released updates for Ivanti Cloud Services Application which addresses medium, high and critical vulnerabilities. We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure. Vulnerability Details: CVE Number | Description | CVSS Score...

December 2024 Security Advisory Ivanti Application Control (CVE-2024-11598)

Summary Ivanti has released updates for Ivanti Application Control which address one high severity vulnerability. We are not aware of any customers being exploited by this vulnerability at the time of disclosure. Vulnerability Details: CVE Number| Description| CVSS Score Severity| CVSS Vector| CW...

December 2024 Security Advisory Ivanti Automation (CVE-2024-9845)

Summary Ivanti has released updates for Automation which addresses one high severity vulnerability. Successful exploitation could lead to local privilege escalation. We are not aware of any customers being exploited by this vulnerability at the time of disclosure. Vulnerability Details: CVE Numbe...

December 2024 Security Advisory Ivanti Workspace Control (IWC) (CVE-2024-8496)

Summary Ivanti has released updates for Workspace Control which addresses one high severity vulnerability. Successful exploitation could lead to local privilege escalation. We are not aware of any customers being exploited by this vulnerability at the time of disclosure. Vulnerability Details: CV...

Security Advisory EPM November 2024 for EPM 2024 and EPM 2022 SU6

Update Regarding Ivanti EPM Endpoint Manager Downloads As part of our ongoing efforts to enhance your experience and streamline our processes we have migrated the software downloads from the Ivanti Community to the Ivanti License System ILS. You will continue to use your current Ivanti Single...

Security Advisory Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), Ivanti Secure Access Client (ISAC) (Multiple CVEs)

Summary Ivanti has released updates for Ivanti Connect Secure ICS,Ivanti Policy Secure IPS and Ivanti Secure Access Client ISAC which addresses medium, high and critical vulnerabilities. We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure...

Security Advisory Ivanti Avalanche (Multiple CVEs) - Q4 2024 Release

Summary Ivanti has released updates for Ivanti Avalanche which addresses five high severity vulnerabilities. Successful exploitation could lead to denial of service to legitimate users or leaking of sensitive information. We are not aware of any customers being exploited by these vulnerabilities ...

Security Advisory Ivanti CSA (Cloud Services Application) (CVE-2024-9379, CVE-2024-9380, CVE-2024-9381)

Summary Ivanti has released updates for Ivanti CSA Cloud Services Application which addresses a medium severity and two high severity vulnerabilities. Successful exploitation could lead to an attacker with admin privileges to bypass restrictions, run arbitrary SQL statements or obtain remote code...

Security Advisory Velocity License Server (CVE-2024-9167)

Summary Ivanti has released updates for the Velocity License Server which addresses a high-severity vulnerability. Successful exploitation could lead to local privilege escalation. We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure. Vulnerability...

Security Advisory Ivanti Connect Secure and Policy Secure (CVE-2024-37404)

Summary Ivanti has released updates for Ivanti Connect Secure and Policy Secure which addresses a critical vulnerability. Successful exploitation could allow a remote authenticated attacker to achieve remote code execution. We are not aware of any customers being exploited by this vulnerability a...

Security Advisory Ivanti Endpoint Manager Mobile (EPMM) (CVE-2024-7612) 

Summary: Ivanti has released updates for Ivanti EPMM which addresses a high severity vulnerability. Successful exploitation could lead to an authenticated attacker accessing or modifying configuration files. We are not aware of any customers being exploited by these vulnerabilities at the time of...

Ivanti Avalanche 6.4.5 Security Advisory (Multiple CVE's)

Summary Ivanti has released updates for Ivanti Avalanche which addresses high severity vulnerabilities. Successful exploitation could lead to information disclosure, authentication bypass or denial of service. We are not aware of any customers being exploited by these vulnerabilities at the time ...

Security Advisory Ivanti CSA 4.6 (Cloud Services Appliance) (CVE-2024-8963)

Summary Ivanti is disclosing a critical vulnerability in Ivanti CSA 4.6 which was incidentally addressed in the patch released on 10 September CSA 4.6 Patch 519. Successful exploitation could allow a remote unauthenticated attacker to access restricted functionality. If CVE-2024-8963 is used in...

Security Advisory Ivanti Workspace Control (IWC)

Summary Ivanti has released a version of a new product architecture for Ivanti Workspace Control IWC which addresses high and critical vulnerabilities. Successful exploitation could lead to an escalation of privileges and lateral movement. IWC is intended to be a non-internet facing product, and...

Security Advisory Ivanti Cloud Service Appliance (CSA) (CVE-2024-8190)

Summary Ivanti has released a security update for Ivanti CSA 4.6 which addresses a high severity vulnerability. Successful exploitation could lead to unauthorized access to the device running the CSA. Dual-homed CSA configurations with eth0 as an internal network, as recommended by Ivanti, are at...

Security Advisory EPM September 2024 for EPM 2024 and EPM 2022

Update Regarding Ivanti EPM Endpoint Manager Downloads As part of our ongoing efforts to enhance your experience and streamline our processes we have migrated the software downloads from the Ivanti Community to the Ivanti License System ILS. You will continue to use your current Ivanti Single...

N-MDM -- Impact of CVE-2024-4603 on N-MDM and N-MDM connector

Issue Summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...

Security Advisory: Ivanti Neurons for ITSM (CVE-2024-7569, CVE-2024-7570)

Ivanti has released updates for Ivanti Neurons for ITSM which addresses a critical severity vulnerability and a high severity vulnerability. Please note: the patch has been applied to all Ivanti Neurons for ITSM Cloud landscapes as of August 4. No further action is needed for cloud customers, we...

Security Advisory Ivanti Avalanche 6.4.4 (CVE-2024-38652, CVE-2024-38653, CVE-2024-36136, CVE-2024-37399, CVE-2024-37373)

Ivanti has released updates for Ivanti Avalanche, in version 6.4.4, which addresses high severity vulnerabilities. We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure. Vulnerability Details: CVE Number | Description | CVSS Score Severity | CVSS...

Security Advisory: Ivanti Virtual Traffic Manager (vTM ) (CVE-2024-7593)

Last Modified Date Jun 18, 2025 12:05:38 PM...

Security Advisory Ivanti Endpoint Manager for Mobile (EPMM) July 2024

Last Modified Date Oct 16, 2025 7:31:18 PM...

Security Advisory EPM July 2024 for EPM 2024

Last Modified Date Apr 16, 2025 2:50:24 PM...

Security Advisory CVE-2024-37403 (Dirty Stream) for Ivanti Docs@Work for Android

Last Modified Date Jul 17, 2024 2:20:01 PM...

SA-2024-07-12-CVE-2024-38648

SECURITY ADVISORY 07-12-2024 Product Affected: Ivanti Desktop and Server Management A vulnerability was recently discovered in DSM. This vulnerability is remediated in DSM 2024.2. Vulnerability Information CVE | CVSS | Summary | Product Affected ---|---|---|--- CVE-2024-38648 CVE Reserved | 9.0...

SA-2024-07-12-CVE-2024-29821

SECURITY ADVISORY 07-12-2024 Product Affected: Ivanti Desktop and Server Management A vulnerability was recently discovered in DSM. This vulnerability is remediated in DSM 2024.2. Vulnerability Information CVE | CVSS | Summary | Product Affected ---|---|---|--- CVE-2024-29821 CVE Reserved | 7.8...

SA-2024-07-12-CVE-2024-29213

SECURITY ADVISORY 07-12-2024 Product Affected: Ivanti Desktop and Server Management A vulnerability was recently discovered in DSM. This vulnerability is remediated in DSM 2024.2. Vulnerability Information CVE | CVSS | Summary | Product Affected ---|---|---|--- CVE-2024-29213 CVE Reserved | 7.8...

KB Security Advisory EPM May 2024

Last Modified Date Apr 21, 2025 4:11:34 PM...

Security Advisory May 2024

Vulnerabilities have been discovered in the following Ivanti solutions and fixes are available now. Please review the knowledge base article for the associated solution for detailed information on how to remediate the weaknesses. Update October 1 : Ivanti has confirmed exploitation of...

Security Advisory EPMM May 2024

Last Modified Date Jul 19, 2024 3:00:43 PM...

Avalanche 6.4.3.602 - additional security hardening and CVE fixed

Last Modified Date Aug 16, 2024 6:00:39 PM...

SA:CVE-2024-21894 (Heap Overflow), CVE-2024-22052 (Null Pointer Dereference), CVE-2024-22053 (Heap Overflow), CVE-2024-22023 (XML entity expansion or XXE) and CVE-2024-29205 for Ivanti Connect Secure and Ivanti Policy Secure Gateways

Vulnerabilities have been discovered in Ivanti Connect Secure ICS, formerly known as Pulse Connect Secure and Ivanti Policy Secure gateways and a patch is available now. These vulnerabilities impact all supported versions – Version 9.x and 22.x refer to Granular Software Release EOL Timelines and...

SA: CVE-2023-46808 (Authenticated Remote File Write) for Ivanti Neurons for ITSM

Last Modified Date Apr 4, 2024 4:10:39 PM...

Avalanche 6.4.3 Security Hardening and CVEs addressed

Avalanche 6.4.3 has addressed some new security hardening and vulnerabilities in our Q1 2024 release. We are not aware of any exploitation of these vulnerabilities at the time of disclosure. To address the security vulnerabilities listed below, it is highly recommended to download the Avalanche...

CVE-2023-41724 (Remote Code Execution) for Ivanti Standalone Sentry

A new vulnerability has been discovered in the Ivanti Standalone Sentry and patches remediating this vulnerability are available now. This vulnerability impacts all supported versions 9.17.0, 9.18.0, and 9.19.0. Older versions are also at risk. There is a patch available now via the standard...

[CVE-2024-1597] PostgreSQL - Mobileiron line products (Ivanti EPMM Reporting DB, Ivanti N-MDM/Cloud)

Last Modified Date Mar 8, 2024 9:01:56 PM...

CVE-2024-22024 (XXE) for Ivanti Connect Secure and Ivanti Policy Secure

Executive Summary: As part of the ongoing investigation, we discovered a new vulnerability as part of our internal review and testing of our code, which was also responsibly disclosed by watchTowr. This vulnerability only affects a limited number of supported versions – Ivanti Connect Secure...

CVE-2024-21888 Privilege Escalation for Ivanti Connect Secure and Ivanti Policy Secure 

DESCRIPTION: As part of our ongoing investigation into the vulnerabilities reported on 10 January in Ivanti Connect Secure, Ivanti Policy Secure and ZTA gateways, we have discovered new vulnerabilities. These vulnerabilities impact all supported versions – Version 9.x and 22.x refer to Granular...

CVE-2023-46805 (Authentication Bypass) & CVE-2024-21887 (Command Injection) for Ivanti Connect Secure and Ivanti Policy Secure Gateways

DESCRIPTION: Vulnerabilities have been discovered in Ivanti Connect Secure ICS, formerly known as Pulse Connect Secure and Ivanti Policy Secure gateways. These vulnerabilities impact all supported versions – Version 9.x and 22.x refer to Granular Software Release EOL Timelines and Support Matrix...

SA-2023-12-19-CVE-2023-39336

SECURITY ADVISORY 2023-12-19 Product Affected: Ivanti Endpoint Manager A vulnerability was recently discovered for EPM 2022 SU4 and all prior versions. More information can be found here: CVE-2023-39336 Full details Please log into the community to access the full details page. Vulnerability...

Avalanche 6.4.2 Security Hardening and CVEs addressed

Avalanche 6.4.2 has addressed some new security hardening in our 2023 Quarter 4 release. To address the security vulnerabilities listed below, it is highly recommended to download the Avalanche installer and udpate to the latest Avalanche 6.4.2. The installation will apply a fix for each CVE list...

Security patch release - Ivanti Connect Secure 22.6R2 and 22.6R2.1

Resolutions for Ivanti Connect Secure Security Issues: As part of Ivanti's commitment to continuous security hardening, Ivanti has released a security update for Ivanti Connect Secure. This update resolves important vulnerabilities. To our knowledge, none of the CVEs identified in this review hav...

Security Patch Release - Ivanti Policy Secure 22.6R1

Resolutions for Ivanti Policy Secure Security Issues: As part of Ivanti's commitment to continuous security hardening, Ivanti has released a security update for Ivanti Policy Secure. This update resolves a moderate vulnerability. To our knowledge, none of the CVEs identified in this review have...

KB Possible Remote Exploit in ApacheMQ pertaining to OpenWire Module

Last Modified Date Mar 8, 2024 8:18:58 PM...

Security fixes included in the latest Ivanti Secure Access Client Release

Description Resolutions for Pulse Desktop Client and the Ivanti Secure Access Client Issues: As part of Ivanti’s commitment to continuous security hardening the following vulnerabilities have been discovered and resolved. To our knowledge, none of the CVEs identified in this review have been...

CVE-2023-39335 - Certificate creation authentication bypass in UPDATEPROFILE handler

Last Modified Date Dec 11, 2025 1:35:01 PM...