Ivanti threat watch

Recent watch items and advisories tracked for Ivanti inside the ITECS Threat Radar.

Tracked items: 20

Active or featured: 20

Vendor: Ivanti

Vendor incident stream

Recent Ivanti watch items

Use this vendor page to review the latest official watch items, compare activity against your environment, and decide whether the next step is an assessment, service-owner conversation, or direct remediation planning.

active | Mar 9, 2026, 12:00 AM | CVE-2026-1603

Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability

Ivanti Endpoint Manager (EPM) contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthenticated attacker to leak specific stored credential data.

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2026-03-23.

active | Jan 29, 2026, 10:15 PM | CVE-2026-1340

Ivanti Endpoint Manager Mobile Vulnerability (CVE-2026-1340)

A code injection vulnerability in Ivanti Endpoint Manager Mobile allows attackers to achieve unauthenticated remote code execution.

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Review affected assets, prioritize patch validation, and map remediation against managed client inventory.

active | Jan 29, 2026, 12:00 AM | CVE-2026-1281

Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability

Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2026-02-01.

active | May 19, 2025, 12:00 AM | CVE-2025-4428

Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability

Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the API component that allows an authenticated attacker to remotely execute arbitrary code via crafted API requests. This vulnerability results from an insecure implementation of the Hibernate Validator open-source library, as represented by CVE-2025-35036.

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2025-06-09.

active | May 19, 2025, 12:00 AM | CVE-2025-4427

Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability

Ivanti Endpoint Manager Mobile (EPMM) contains an authentication bypass vulnerability in the API component that allows an attacker to access protected resources without proper credentials via crafted API requests. This vulnerability results from an insecure implementation of the Spring Framework open-source library.

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2025-06-09.

active | Apr 4, 2025, 12:00 AM | CVE-2025-22457

Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability

Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution. Known ransomware use: Known.

Apply mitigations as set forth in the CISA instructions linked below. Due date: 2025-04-11.

active | Mar 10, 2025, 12:00 AM | CVE-2024-13160

Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability

Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2025-03-31.

active | Mar 10, 2025, 12:00 AM | CVE-2024-13159

Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability

Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2025-03-31.

active | Mar 10, 2025, 12:00 AM | CVE-2024-13161

Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability

Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2025-03-31.

active | Jan 8, 2025, 12:00 AM | CVE-2025-0282

Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability

Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution. Known ransomware use: Known.

Apply mitigations as set forth in the CISA instructions linked below to include conducting hunt activities, taking remediation actions if applicable, and applying updates prior to returning a device to service. Due date: 2025-01-15.

active | Oct 9, 2024, 12:00 AM | CVE-2024-9380

Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability

Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS.

As Ivanti CSA 4.6.x has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the supported 5.0.x line or later. Due date: 2024-10-30.

active | Oct 9, 2024, 12:00 AM | CVE-2024-9379

Ivanti Cloud Services Appliance (CSA) SQL Injection Vulnerability

Ivanti Cloud Services Appliance (CSA) contains a SQL injection vulnerability in the admin web console in versions prior to 5.0.2, which can allow a remote attacker authenticated as administrator to run arbitrary SQL statements.

As Ivanti CSA 4.6.x has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the supported 5.0.x line or later. Due date: 2024-10-30.

active | Oct 2, 2024, 12:00 AM | CVE-2024-29824

Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability

Ivanti Endpoint Manager (EPM) contains a SQL injection vulnerability in Core server that allows an unauthenticated attacker within the same network to execute arbitrary code.

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Due date: 2024-10-23.

active | Sep 24, 2024, 12:00 AM | CVE-2024-7593

Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability

Ivanti Virtual Traffic Manager contains an authentication bypass vulnerability that allows a remote, unauthenticated attacker to create a chosen administrator account.

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Due date: 2024-10-15.

active | Sep 19, 2024, 12:00 AM | CVE-2024-8963

Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability

Ivanti Cloud Services Appliance (CSA) contains a path traversal vulnerability that could allow a remote, unauthenticated attacker to access restricted functionality. If CVE-2024-8963 is used in conjunction with CVE-2024-8190, an attacker could bypass admin authentication and execute arbitrary commands on the appliance.

As Ivanti CSA has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line of supported solutions, as future vulnerabilities on the 4.6.x version of CSA are unlikely to receive security updates. Due date: 2024-10-10.

active | Sep 13, 2024, 12:00 AM | CVE-2024-8190

Ivanti Cloud Services Appliance OS Command Injection Vulnerability

Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS.

As Ivanti CSA has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line of supported solutions, as future vulnerabilities on the 4.6.x version of CSA are unlikely to receive future security updates. Due date: 2024-10-04.

active | Mar 25, 2024, 12:00 AM | CVE-2021-44529

Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability

Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) contains a code injection vulnerability that allows an unauthenticated user to execute malicious code with limited permissions (nobody). Known ransomware use: Known.

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Due date: 2024-04-15.

active | Jan 31, 2024, 12:00 AM | CVE-2024-21893

Ivanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) Vulnerability

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) vulnerability in the SAML component that allows an attacker to access certain restricted resources without authentication. Known ransomware use: Known.

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Due date: 2024-02-02.

active | Jan 18, 2024, 12:00 AM | CVE-2023-35082

Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability

Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core contain an authentication bypass vulnerability that allows unauthorized users to access restricted functionality or resources of the application. Known ransomware use: Known.

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Due date: 2024-02-08.

active | Jan 10, 2024, 12:00 AM | CVE-2023-46805

Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the web component that allows an attacker to access restricted resources by bypassing control checks. This vulnerability can be leveraged in conjunction with CVE-2024-21887, a command injection vulnerability. Known ransomware use: Known.

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Due date: 2024-01-22.

Vendor watch FAQ

What is the Ivanti threat watch page?

It is the Ivanti-specific view inside ITECS Threat Radar, built to track recent advisories, incidents, and watch items that may affect Dallas-area business operations.

How should teams use the Ivanti watch page?

Use it to confirm whether current Ivanti issues overlap with your environment, prioritize remediation, and decide whether you need an assessment, managed security follow-through, or vendor-specific hardening work.

Can ITECS help respond to Ivanti security issues?

Yes. ITECS can help map Ivanti advisories against your systems, validate affected services, prioritize remediation, and connect the issue to broader managed cybersecurity or managed IT workflows.