Experts have discovered a third Server Side Request Forgery (SSRF) vulnerability in Ivanti products. This is a serious security issue for corporate VPN devices. The new vulnerability allows unauthorized access to restricted resources that were available only after authentication. Ivanti SSRF Vulnerability Exploited Ivanti, a renowned corporate VPN appliance provider, has issued a warning regarding… Continue reading Third Ivanti VPN Vulnerability Under Massive Exploitation
Tag: Ivanti
Ivanti Connect Secure Zero-Day Vulnerability Exploited In The Wild
Ivanti issued an alert about its Connect Secure VPN appliances. Advanced threat actors are exploiting two zero-day vulnerabilities in cyberattacks, possibly including state-sponsored groups. That is yet another vulnerability in Ivanti software. Ivanti Connect Secure Zero-Day Exploited Ivanti, a prominent software company, recently issued a critical alert concerning its Connect Secure VPN appliances. These devices… Continue reading Ivanti Connect Secure Zero-Day Vulnerability Exploited In The Wild
Ivanti EPMM Vulnerability Patch is Vulnerable
Ivanti, the provider of a wide range of management solutions for corporations, have apparently taken up the baton from Ipswich, the vendor of an infamous MOVEit MFT. Analysts discovered 2 severe vulnerabilities in its EPMM over the last 10 days, and the company released urgent fixes. However, the patch for the CVE-2023-35078 appears to be… Continue reading Ivanti EPMM Vulnerability Patch is Vulnerable
The Second Exploit in Ivanti EPMM in a Week
Ivanti has once again encountered an error that affects and corrects its Endpoint Manager software. This is despite the fact that Ivanti had eliminated a zero-day vulnerability that targeted the same product a few days before. Analysts found new vulnerability in Ivanti EPMM Currently, two vulnerabilities are being actively exploited by malicious cyber actors. It… Continue reading The Second Exploit in Ivanti EPMM in a Week
Ivanti 0-day exploited to target Norwegian government
Software development company Ivanti (formerly MobileIron Core) has patched a zero-day vulnerability that allowed authentication bypass. This vulnerability had a maximum CVSS level and was actively exploited to gain unauthorized access. What is Ivanti Company? Ivanti is an IT software company headquartered in Utah, United States. It produces a variety of IT management and security… Continue reading Ivanti 0-day exploited to target Norwegian government