Overview

Ivanti has released critical security updates addressing four severe vulnerabilities in Endpoint Manager (EPM) with a CVSS score of 9.8. The company has proactively patched these flaws along with additional issues in Avalanche and Application Control Engine products. No active exploitation

Whom it may concern

  • Enterprise IT Security teams
  • Ivanti EPM administrators
  • Security operations personnel
  • Compliance officers managing endpoint security

Key Findings

  1. Critical authentication bypass vulnerabilities affecting EPM versions 2024 and 2022
  2. Patches available through January-2025 Security Updates
  3. Multiple high-severity issues in Avalanche (pre-6.4.7) and ACE (pre-10.14.4.0)
  4. Enhanced internal security testing procedures implemented

Action Items

  • Immediately update EPM to the January-2025 Security Update
  • Deploy Avalanche version 6.4.7 or newer
  • Upgrade ACE to version 10.14.4.0
  • Review system logs for potential compromise indicators
  • Implement enhanced access controls

Sources

  • [The Hacker News](https://thehackernews.com/2025/01/researcher-uncovers-critical-flaws-in.html)