Wed Sep 11 09:19:00 UTC 2024

## Ivanti Patches Critical Flaw in Endpoint Management Software

**September 11, 2024** – Ivanti, a leading provider of endpoint management solutions, has released security updates to address multiple critical vulnerabilities in its Endpoint Management software (EPM). The most severe flaw, tracked as CVE-2024-29847, could allow attackers to achieve remote code execution on the core server.

The vulnerability, a deserialization of untrusted data issue residing in the agent portal, could be exploited by remote, unauthenticated attackers.

Ivanti has also patched several critical SQL injection vulnerabilities (CVSS scores of 9.1) that could allow a remote authenticated attacker with administrative privileges to execute arbitrary code on the core server.

These vulnerabilities affect Ivanti Endpoint Manager versions 2024 and 2022 SU5 and earlier. The issues are addressed in version 2024 with the Security Patch (July and September updates applied), 2024 SU1 (to be released), and 2022 SU6.

While Ivanti is not aware of any attacks exploiting these vulnerabilities in the wild, the company urges users to apply the necessary updates immediately to protect their systems.

**“We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure,”** the company stated in its advisory.

Administrators of Ivanti EPM are advised to download and install the latest security updates as soon as possible.
