Flaws in third-party components Ivanti notes that the vulnerabilities are located in two open-source libraries used in the product. Because the flaws have not…
Tag:
Ivanti
-
-
“The vulnerability is a buffer overflow with a limited character space, and therefore it was initially believed to be a low-risk denial-of-service vulnerability,” incident…
-
Credential coercion Hanley described the flaws as credential coercion issues because they could allow unauthenticated attackers to coerce the Ivanti EPM machine account credential…
-
HackingNewsSecurity
Ivanti zero-day exploited by APT group that previously targeted Connect Secure appliances
Researchers from Google’s Mandiant division believe the critical remote code execution vulnerability patched on Wednesday by software vendor Ivanti has been exploited since mid-December…
-
NewsPhysical SecuritySecurity
Ivanti warns critical RCE flaw in Connect Secure exploited as zero-day
IT software provider Ivanti released patches Wednesday for its Connect Secure SSL VPN appliances to address two memory corruption vulnerabilities, one of which has…
-
CISA has added the vulnerability to its Known Exploited Vulnerability (KEV) Catalogue. EPM raked with RCE flaws The 2022 and prior releases of Ivanti’s…