Ivanti product CVE coverage from NVD — Connect Secure, EPM, Neurons, and remote-access security advisories.
Vendor watch hub
The Ivantiwatch hub is a vendor-specific view inside ITECS MSP Threat Radar. We pull the latest security advisories, incidents, and known-exploited CVEs directly from the official feeds below, score each one for MSP relevance, and surface what's most likely to need attention this week.
At a glance
Tracked
Active
Featured
Unique CVEs
Most recent entry
Apr 7, 2026, 7:00 PM
Feed refreshes daily · 5:15 a.m. Central
Sources·CISA KEV and NVD (product vendor coverage)
"Most recent entry" is the newest item the upstream feed has published — not our sync time.
Watch items
Showing the 20 most recent items, newest first. Each row links to the official advisory.
20 rows · sorted newest first
Operations viewIvanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.
Ivanti Endpoint Manager (EPM) contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthenticated attacker to leak specific stored credential data.
Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.
Ivanti Endpoint Manager Mobile (EPMM) contains an authentication bypass vulnerability in the API component that allows an attacker to access protected resources without proper credentials via crafted API requests. This vulnerability results from an insecure implementation of the Spring Framework open-source library.
Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the API component that allows an authenticated attacker to remotely execute arbitrary code via crafted API requests. This vulnerability results from an insecure implementation of the Hibernate Validator open-source library, as represented by CVE-2025-35036.
Ivanti Connect Secure, Policy Secure, and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution. Known ransomware use: Known.
Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.
Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.
Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.
Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution. Known ransomware use: Known.
Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS.
Ivanti Cloud Services Appliance (CSA) contains a SQL injection vulnerability in the admin web console in versions prior to 5.0.2, which can allow a remote attacker authenticated as administrator to run arbitrary SQL statements.
Ivanti Endpoint Manager (EPM) contains a SQL injection vulnerability in Core server that allows an unauthenticated attacker within the same network to execute arbitrary code.
Ivanti Virtual Traffic Manager contains an authentication bypass vulnerability that allows a remote, unauthenticated attacker to create a chosen administrator account.
Ivanti Cloud Services Appliance (CSA) contains a path traversal vulnerability that could allow a remote, unauthenticated attacker to access restricted functionality. If CVE-2024-8963 is used in conjunction with CVE-2024-8190, an attacker could bypass admin authentication and execute arbitrary commands on the appliance.
Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS.
Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) contains a code injection vulnerability that allows an unauthenticated user to execute malicious code with limited permissions (nobody). Known ransomware use: Known.
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) vulnerability in the SAML component that allows an attacker to access certain restricted resources without authentication. Known ransomware use: Known.
Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core contain an authentication bypass vulnerability that allows unauthorized users to access restricted functionality or resources of the application. Known ransomware use: Known.
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web components of these products, which can allow an authenticated administrator to send crafted requests to execute code on affected appliances. This vulnerability can be leveraged in conjunction with CVE-2023-46805, an authenticated bypass issue. Known ransomware use: Known.
| Alert | Exposure | Status | Published | Source |
|---|---|---|---|---|
Ivanti Endpoint Manager Mobile (EPMM) Code Injection VulnerabilityIvanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution. Endpoint Manager Mobile (EPMM) | criticalCVE-2026-1340 Critical | active | Apr 7, 2026, 7:00 PM | CISA KEVOpen source |
Ivanti Endpoint Manager (EPM) Authentication Bypass VulnerabilityIvanti Endpoint Manager (EPM) contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthenticated attacker to leak specific stored credential data. Endpoint Manager (EPM) | criticalCVE-2026-1603 Critical | active | Mar 8, 2026, 7:00 PM | CISA KEVOpen source |
Ivanti Endpoint Manager Mobile (EPMM) Code Injection VulnerabilityIvanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution. Endpoint Manager Mobile (EPMM) | criticalCVE-2026-1281 Critical | active | Jan 28, 2026, 6:00 PM | CISA KEVOpen source |
Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass VulnerabilityIvanti Endpoint Manager Mobile (EPMM) contains an authentication bypass vulnerability in the API component that allows an attacker to access protected resources without proper credentials via crafted API requests. This vulnerability results from an insecure implementation of the Spring Framework open-source library. Endpoint Manager Mobile (EPMM) | criticalCVE-2025-4427 Critical | active | May 18, 2025, 7:00 PM | CISA KEVOpen source |
Ivanti Endpoint Manager Mobile (EPMM) Code Injection VulnerabilityIvanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the API component that allows an authenticated attacker to remotely execute arbitrary code via crafted API requests. This vulnerability results from an insecure implementation of the Hibernate Validator open-source library, as represented by CVE-2025-35036. Endpoint Manager Mobile (EPMM) | criticalCVE-2025-4428 Critical | active | May 18, 2025, 7:00 PM | CISA KEVOpen source |
Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow VulnerabilityIvanti Connect Secure, Policy Secure, and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution. Known ransomware use: Known. Connect Secure, Policy Secure, and ZTA Gateways | criticalCVE-2025-22457 Critical | active | Apr 3, 2025, 7:00 PM | CISA KEVOpen source |
Ivanti Endpoint Manager (EPM) Absolute Path Traversal VulnerabilityIvanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information. Endpoint Manager (EPM) | criticalCVE-2024-13160 Critical | active | Mar 9, 2025, 7:00 PM | CISA KEVOpen source |
Ivanti Endpoint Manager (EPM) Absolute Path Traversal VulnerabilityIvanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information. Endpoint Manager (EPM) | criticalCVE-2024-13159 Critical | active | Mar 9, 2025, 7:00 PM | CISA KEVOpen source |
Ivanti Endpoint Manager (EPM) Absolute Path Traversal VulnerabilityIvanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information. Endpoint Manager (EPM) | criticalCVE-2024-13161 Critical | active | Mar 9, 2025, 7:00 PM | CISA KEVOpen source |
Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow VulnerabilityIvanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution. Known ransomware use: Known. Connect Secure, Policy Secure, and ZTA Gateways | criticalCVE-2025-0282 Critical | active | Jan 7, 2025, 6:00 PM | CISA KEVOpen source |
Ivanti Cloud Services Appliance (CSA) OS Command Injection VulnerabilityIvanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS. Cloud Services Appliance (CSA) | criticalCVE-2024-9380 Critical | active | Oct 8, 2024, 7:00 PM | CISA KEVOpen source |
Ivanti Cloud Services Appliance (CSA) SQL Injection VulnerabilityIvanti Cloud Services Appliance (CSA) contains a SQL injection vulnerability in the admin web console in versions prior to 5.0.2, which can allow a remote attacker authenticated as administrator to run arbitrary SQL statements. Cloud Services Appliance (CSA) | criticalCVE-2024-9379 Critical | active | Oct 8, 2024, 7:00 PM | CISA KEVOpen source |
Ivanti Endpoint Manager (EPM) SQL Injection VulnerabilityIvanti Endpoint Manager (EPM) contains a SQL injection vulnerability in Core server that allows an unauthenticated attacker within the same network to execute arbitrary code. Endpoint Manager (EPM) | criticalCVE-2024-29824 Critical | active | Oct 1, 2024, 7:00 PM | CISA KEVOpen source |
Ivanti Virtual Traffic Manager Authentication Bypass VulnerabilityIvanti Virtual Traffic Manager contains an authentication bypass vulnerability that allows a remote, unauthenticated attacker to create a chosen administrator account. Virtual Traffic Manager | criticalCVE-2024-7593 Critical | active | Sep 23, 2024, 7:00 PM | CISA KEVOpen source |
Ivanti Cloud Services Appliance (CSA) Path Traversal VulnerabilityIvanti Cloud Services Appliance (CSA) contains a path traversal vulnerability that could allow a remote, unauthenticated attacker to access restricted functionality. If CVE-2024-8963 is used in conjunction with CVE-2024-8190, an attacker could bypass admin authentication and execute arbitrary commands on the appliance. Cloud Services Appliance (CSA) | criticalCVE-2024-8963 Critical | active | Sep 18, 2024, 7:00 PM | CISA KEVOpen source |
Ivanti Cloud Services Appliance OS Command Injection VulnerabilityIvanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS. Cloud Services Appliance | criticalCVE-2024-8190 Critical | active | Sep 12, 2024, 7:00 PM | CISA KEVOpen source |
Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection VulnerabilityIvanti Endpoint Manager Cloud Service Appliance (EPM CSA) contains a code injection vulnerability that allows an unauthenticated user to execute malicious code with limited permissions (nobody). Known ransomware use: Known. Endpoint Manager Cloud Service Appliance (EPM CSA) | criticalCVE-2021-44529 Critical | active | Mar 24, 2024, 7:00 PM | CISA KEVOpen source |
Ivanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) VulnerabilityIvanti Connect Secure (ICS, formerly known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) vulnerability in the SAML component that allows an attacker to access certain restricted resources without authentication. Known ransomware use: Known. Connect Secure, Policy Secure, and Neurons | criticalCVE-2024-21893 Critical | active | Jan 30, 2024, 6:00 PM | CISA KEVOpen source |
Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass VulnerabilityIvanti Endpoint Manager Mobile (EPMM) and MobileIron Core contain an authentication bypass vulnerability that allows unauthorized users to access restricted functionality or resources of the application. Known ransomware use: Known. Endpoint Manager Mobile (EPMM) and MobileIron Core | criticalCVE-2023-35082 Critical | active | Jan 17, 2024, 6:00 PM | CISA KEVOpen source |
Ivanti Connect Secure and Policy Secure Command Injection VulnerabilityIvanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web components of these products, which can allow an authenticated administrator to send crafted requests to execute code on affected appliances. This vulnerability can be leveraged in conjunction with CVE-2023-46805, an authenticated bypass issue. Known ransomware use: Known. Connect Secure and Policy Secure | criticalCVE-2024-21887 Critical | active | Jan 9, 2024, 6:00 PM | CISA KEVOpen source |
ITECS response pathways
These pathways connect the vendor watch feed into service-owner resources that already carry commercial authority.
Use the cybersecurity services pathway when this vendor alert needs an ITECS-managed response plan.
Connect the vendor watch page to broader managed detection, response, and governance planning.
Translate current watch items into a faster risk snapshot and prioritized remediation plan.
Return to the hub for cross-vendor prioritization, live filtering, and broader MSP threat context.
Vendor watch FAQ
It is the Ivanti-specific view inside ITECS Threat Radar, built to track recent advisories, incidents, and watch items that may affect Dallas-area business operations.
Use it to confirm whether current Ivanti issues overlap with your environment, prioritize remediation, and decide whether you need an assessment, managed security follow-through, or vendor-specific hardening work.
Yes. ITECS can help map Ivanti advisories against your systems, validate affected services, prioritize remediation, and connect the issue to broader managed cybersecurity or managed IT workflows.