Maximum severity Ivanti EPM flaw patched

Share This Post



Fixes have been issued by Ivanti for a maximum severity flaw impacting its Endpoint Management software, tracked as CVE-2024-29847, which could be leveraged to facilitate remote code execution in and compromise of the EPM core server, BleepingComputer reports.

No active exploitation of the vulnerability, which stemmed from the agent portal’s untrusted data serialization issue, has been observed so far, according to Ivanti, which also patched nearly two dozen other critical and high-severity bugs in EPM, Cloud Service Appliance, and Workspace Control. Ivanti has also touted the implementation of more robust internal scanning, testing, and manual exploitation capabilities to accelerate vulnerability remediation efforts following the recent comprehensive exploitation of zero-days affecting its products. “This has caused a spike in discovery and disclosure, and we agree with CISA’s statement that the responsible discovery and disclosure of CVEs is ‘a sign of healthy code analysis and testing community,” added Ivanti.



Source link

Subscribe To Our Newsletter

Get updates and learn from the best

More To Explore

Do You Want To Boost Your Business?

drop us a line and keep in touch