Ivanti EPM
CISA: Recently patched Ivanti EPM flaw now actively exploited
CISA flagged a high-severity Ivanti Endpoint Manager (EPM) vulnerability as actively exploited in attacks and ordered U.S. federal agencies to patch systems within three weeks. Ivanti’s EPM software is an all-in-one endpoint management solution for managing client devices across Windows, macOS, Linux, Chrome OS, and IoT platforms. Tracked as CVE-2026-1603, this security flaw can be exploited […]
Ivanti warns of critical Endpoint Manager code execution flaw
American IT software company Ivanti warned customers today to patch a newly disclosed vulnerability in its Endpoint Manager (EPM) solution that could allow attackers to execute code remotely. Ivanti delivers system and IT asset management solutions to over 40,000 companies via a network of more than 7,000 organizations worldwide. The company’s EPM software is an […]
CISA tags critical Ivanti EPM flaws as actively exploited in attacks
CISA warned U.S. federal agencies to secure their networks against attacks exploiting three critical vulnerabilities affecting Ivanti Endpoint Manager (EPM) appliances. The three flaws (CVE-2024-13159, CVE-2024-13160, and CVE-2024-13161) are due to absolute path traversal weaknesses that can let remote unauthenticated attackers fully compromise vulnerable servers. They were reported in October by Horizon3.ai vulnerability researcher Zach Hanley and patched by […]
Critical Ivanti RCE flaw with public exploit now used in attacks
CISA warned today that a critical Ivanti vulnerability that can let threat actors gain remote code execution on vulnerable Endpoint Manager (EPM) appliances is now actively exploited in attacks. Ivanti EPM is an all-in-one endpoint management solution that helps admins manage client devices on various platforms, including Windows, macOS, Chrome OS, and IoT operating systems. Tracked […]