Ivanti releases standard security patches on the second Tuesday of every month.  Our vulnerability management program is central to our commitment to maintaining secure products. Our philosophy is simple: discovering and communicating vulnerabilities, and sharing that information with defenders, is not an indication of weakness; rather it is evidence of rigorous scrutiny and a proactive vulnerability management program. By aggressively seeking to identify and address vulnerabilities, our aim is to get ahead of threat actors to ensure our customers can take the steps needed to protect their environments.

We believe that responsible transparency helps protect our customers, and that CVE disclosures are an essential and effective tool to communicate software vulnerabilities. The purpose of assigning a CVE is to provide a beacon to security teams and signal the need for urgent updates.

To that end, today Ivanti is disclosing vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) and Neurons for MDM.

More information on these vulnerabilities and detailed instructions on how to remediate the issues can be found in these Security Advisories:

• Ivanti Endpoint Manager Mobile (EPMM)
• Ivanti Neurons for MDM

In addition, Ivanti has issued a Security Advisory for Ivanti Endpoint Manager, which provides mitigation options for vulnerabilities disclosed October 7, 2025.  

It is important for customers to know:

• We have no evidence of any of these vulnerabilities being exploited in the wild.
• These vulnerabilities do not impact any other Ivanti solutions.

Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required).

Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.

Ivanti releases standard security patches on the second Tuesday of every month.  Our vulnerability management program is central to our commitment to maintaining secure products. Our philosophy is simple: discovering and communicating vulnerabilities, and sharing that information with defenders, is not an indication of weakness; rather it is evidence of rigorous scrutiny and a proactive vulnerability management program. By aggressively seeking to identify and address vulnerabilities, our aim is to get ahead of threat actors to ensure our customers can take the steps needed to protect their environments. At the core, we believe that responsible transparency helps protect our customers.

We believe that responsible transparency helps protect our customers, and that CVE disclosures are an essential and effective tool to communicate software vulnerabilities. The purpose of assigning a CVE is to provide a beacon to security teams and signal the need for urgent updates.

To that end, today Ivanti is disclosing vulnerabilities in Ivanti Endpoint Manager (EPM) and Ivanti Connect Secure, Policy Secure, ZTA Gateways and Neurons for Secure Access.

It is important for customers to know:

• We have no evidence of any of these vulnerabilities being exploited in the wild.
• These vulnerabilities do not impact any other Ivanti solutions.

More information on these vulnerabilities and detailed instructions on how to remediate the issues can be found in these Security Advisories:

• Ivanti Endpoint Manager (EPM)
• Ivanti Connect Secure, Policy Secure, ZTNA and nSA

Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required).

Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.

Ivanti releases standard security patches on the second Tuesday of every month.  Our vulnerability management program is central to our commitment to maintaining secure products. Our philosophy is simple: discovering and communicating vulnerabilities, and sharing that information with defenders, is not an indication of weakness; rather it is evidence of rigorous scrutiny and a proactive vulnerability management program. By aggressively seeking to identify and address vulnerabilities, our aim is to get ahead of threat actors to ensure our customers can take the steps needed to protect their environments. At the core, we believe that responsible transparency helps protect our customers.

We believe that responsible transparency helps protect our customers, and that CVE disclosures are an essential and effective tool to communicate software vulnerabilities. The purpose of assigning a CVE is to provide a beacon to security teams and signal the need for urgent updates.

To that end, today Ivanti is disclosing vulnerabilities in Ivanti Avalanche, Ivanti Virtual Application Delivery Control (vADC) (previously known as vTM) and Ivanti Connect Secure, Policy Secure, ZTA Gateways and Neurons for Secure Access.

It is important for customers to know:

• We have no evidence of any of these vulnerabilities being exploited in the wild.
• These vulnerabilities do not impact any other Ivanti solutions.

More information on these vulnerabilities and detailed instructions on how to remediate the issues can be found in these Security Advisories:

• Ivanti Avalanche
• Ivanti vADC
• Ivanti Connect Secure, Policy Secure, ZTA Gateways and Neurons for Secure Access

Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required).

Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.

Ivanti releases standard security patches on the second Tuesday of every month.  Our vulnerability management program is central to our commitment to maintaining secure products. Our philosophy is simple: discovering and communicating vulnerabilities, and sharing that information with defenders, is not an indication of weakness; rather it is evidence of rigorous scrutiny and a proactive vulnerability management program. By aggressively seeking to identify and address vulnerabilities, our aim is to get ahead of threat actors to ensure our customers can take the steps needed to protect their environments.

We believe that responsible transparency helps protect our customers, and that CVE disclosures are an essential and effective tool to communicate software vulnerabilities. The purpose of assigning a CVE is to provide a beacon to security teams and signal the need for urgent updates.

To that end, today Ivanti is disclosing vulnerabilities in Ivanti Connect Secure and Policy Secure, Ivanti EPM, and Ivanti EPMM.  

It is important for customers to know:

• We have no evidence of any of these vulnerabilities being exploited in the wild.
• These vulnerabilities do not impact any other Ivanti solutions.

More information on these vulnerabilities and detailed instructions on how to remediate the issues can be found in these Security Advisories:

• Ivanti Connect Secure and Policy Secure
• Ivanti EPMM
• Ivanti EPM

Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required).

Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.

Ivanti releases standard security patches on the second Tuesday of every month. It is our philosophy that responsible transparency helps protect our customers. CVE disclosures are an essential and effective tool for communicating software vulnerabilities and necessary actions to customers. A CVE serves as a beacon to security teams and signals the need for urgent updates.  

Today, Ivanti is disclosing vulnerabilities in Ivanti Workspace Control. 

It is important for customers to know:

• We have no evidence of any of these vulnerabilities being exploited in the wild.
• These vulnerabilities do not impact any other Ivanti solutions.

More information on these vulnerabilities and detailed instructions on how to remediate the issues can be found in these Security Advisories:

• Ivanti Workspace Control (IWC)

Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required).

Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.

Ivanti releases standard security patches on the second Tuesday of every month. For many of our customers, the predictable schedule facilitates better planning and management of IT resources, allowing them to allocate time and personnel efficiently for the timely updates.

Today, Ivanti is disclosing vulnerabilities in Ivanti ITSM (on-premises only), Cloud Security Application (CSA) and Neurons for MDM.

It is important for customers to know:

• We have no evidence of any of these vulnerabilities being exploited in the wild.
• These vulnerabilities do not impact any other Ivanti solutions.

More information on these vulnerabilities and detailed instructions on how to remediate the issues can be found in these Security Advisories:

• Ivanti Neurons for ITSM (on-premises only)
• Cloud Security Application (CSA)
• Ivanti Neurons for MDM

Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required).

Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.

At Ivanti, transparency is a cornerstone of our commitment to customer security and trust. It is through such transparency that vulnerabilities are swiftly addressed, allowing our customers and the broader ecosystem to take proactive measures to safeguard their environments amidst a rapidly evolving and highly sophisticated threat landscape.

To this end, we are issuing an important security update addressing vulnerabilities associated with open-source libraries used in Ivanti Endpoint Manager Mobile (EPMM). We have provided an FAQ below and in the Security Advisory.

At the time of disclosure, we are aware of a very limited number of customers whose solution has been exploited.

The issue only affects the on-prem EPMM product. It is not present in Ivanti Neurons for MDM, Ivanti’s cloud-based unified endpoint management solution, Ivanti Sentry, or any other Ivanti products.

We urge all customers using the on-prem EPMM product to promptly install the patch.

We have made additional resources and support teams available to assist customers in implementing the patch and addressing any concerns. Detailed information is available in our Security Advisory so that customers can protect their environment.

Thank you to our customers and security partners for their engagement and support, which enabled our swift response to this issue. We remain committed to continuously improving our products and processes through collaboration and transparency with our stakeholders and the broader security ecosystem.

Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required).

Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.

Ivanti’s vulnerability management program is a central part of our commitment to security. We employ rigorous testing and validation methodologies to enable swift identification, patching, and disclosure of vulnerabilities in collaboration with the broader security ecosystem. Our priority is to provide responsible and transparent communication to our customers, so they are empowered to defend their environments.

In recent months, we have intensified our internal scanning, manual exploitation and testing capabilities, and have also made enhancements to our responsible disclosure process so that we promptly discover and address potential issues, and so that our customers are best equipped to take action.

Ivanti releases standard security patches on the second Tuesday of every month. For many of our customers, the predictable schedule facilitates better planning and management of IT resources, allowing them to allocate time and personnel efficiently for the timely updates.

Today, Ivanti is disclosing vulnerabilities in Ivanti Endpoint Manager (EPM).

It is important for customers to know:

• We have no evidence of any of these vulnerabilities being exploited in the wild.
• These vulnerabilities do not impact any other Ivanti solutions.

More information on these vulnerabilities and detailed instructions on how to remediate the issues can be found in these Security Advisory.

Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required).

Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.

** The following has been updated to make clear the vulnerability was fully patched in Ivanti Connect Secure 22.7R2.6 (released February 11, 2025). 

At Ivanti, our mission is to empower customers to defend their environments in an evolving and increasingly sophisticated threat landscape. This includes providing industry-leading products, transparent communication, and sophisticated tools to help to protect and fortify networks. Central to this mission is a culture of transparency and responsiveness, especially when facing a security issue. This is essential for the health and security of the entire industry and the organizations we serve.

To this end, we are issuing an important security update addressing a vulnerability in Pulse Connect Secure (version 9.1x, which reached end-of-support December 31, 2024), Ivanti Connect Secure (version 22.7R2.5 and earlier), Policy Secure and Neurons for ZTA gateways. We are reporting the vulnerability as CVE-2025-22457.

Customers have a significantly reduced risk from this vulnerability if they are running appliances on supported versions and in accordance with Ivanti's guidance:

• This vulnerability was fully patched in Ivanti Connect Secure 22.7R2.6 (released February 11, 2025).
• Ivanti Policy Secure should not be an internet facing solution. Users that follow Ivanti’s guidance regarding internet exposure are at a reduced risk from this vulnerability.
• Neurons for ZTA gateways cannot be exploited when in production.

We are aware of a limited number of customers whose appliances have been exploited and are running Ivanti Connect Secure 22.7R2.5 or earlier or Pulse Connect Secure 9.1x. At the time of this disclosure, we are not aware of any exploitation of this vulnerability in Ivanti Policy Secure or Neurons for ZTA gateways, which have meaningfully reduced risk from this vulnerability.

Pulse Connect Secure 9.1x reached End-of-Support on December 31, 2024, and no longer receives code support or changes. Customers who have not yet migrated from this solution will need to contact Ivanti for a migration path to Ivanti Connect Secure or migrate to another secure solution to ensure their security. Ivanti always encourages customers to remain on the latest version of software so they can benefit from important security and product enhancements.

We have made additional resources and support teams available to assist customers in implementing the patch and addressing any concerns. More information is available in this Security Advisory on the vulnerability and the nature of the threat so that customers can protect their environment.

Thank you to our customers and security partners for their engagement and support, which enabled our swift detection and response to this issue. We remain committed to continuously improving our products and processes through collaboration and transparency with our stakeholders and the broader security ecosystem.

Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required).

Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.

Ivanti’s vulnerability management program is a central part of our commitment to security. We employ rigorous testing and validation methodologies to enable swift identification, patching, and disclosure of vulnerabilities in collaboration with the broader security ecosystem. Our priority is to provide responsible and transparent communication to our customers, so they are empowered to defend their environments.

In recent months, we have intensified our internal scanning, manual exploitation and testing capabilities, and have also made enhancements to our responsible disclosure process so that we promptly discover and address potential issues, and so that our customers are best equipped to take action.

Ivanti releases standard security patches on the second Tuesday of every month. For many of our customers, the predictable schedule facilitates better planning and management of IT resources, allowing them to allocate time and personnel efficiently for the timely updates.

It is important for customers to know:

• We have no evidence of any of these vulnerabilities being exploited in the wild.
• These vulnerabilities do not impact any other Ivanti solutions.

More information on these vulnerabilities and detailed instructions on how to remediate the issues can be found in these Security Advisories:

• Ivanti Neurons for MDM
• Ivanti Secure Access Client (ISAC)

Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required).

Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.

Ivanti’s vulnerability management program is a central part of our commitment to security. We employ rigorous testing and validation methodologies to enable swift identification, patching, and disclosure of vulnerabilities in collaboration with the broader security ecosystem. Our priority is to provide responsible and transparent communication to our customers, so they are empowered to defend their environments.

In recent months, we have intensified our internal scanning, manual exploitation and testing capabilities, and have also made enhancements to our responsible disclosure process so that we promptly discover and address potential issues, and so that our customers are best equipped to take action.

Ivanti releases standard security patches on the second Tuesday of every month. For many of our customers, the predictable schedule facilitates better planning and management of IT resources, allowing them to allocate time and personnel efficiently for the timely updates.

Today, fixes have been released for the Ivanti solutions detailed below.

It is important for customers to know:

• We have no evidence of any of these vulnerabilities being exploited in the wild.
• These vulnerabilities do not impact any other Ivanti products.

More information on these vulnerabilities and detailed instructions on how to remediate the issues can be found in these Security Advisories:

• Ivanti Cloud Service Application
• Ivanti Neurons for MDM
• Ivanti Connect Secure, Policy Secure and Secure Access Client

Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required).

Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.

Ivanti’s vulnerability management program is a central part of our commitment to security. We employ rigorous testing and validation methodologies to enable swift identification, patching, and disclosure of vulnerabilities in collaboration with the broader security ecosystem. Our priority is to provide responsible and transparent communication to our customers, so they are empowered to defend their environments.

In recent months, we have intensified our internal scanning, manual exploitation and testing capabilities, and have also made enhancements to our responsible disclosure process so that we promptly discover and address potential issues, and so that our customers are best equipped to take action.

As part of this, Ivanti releases standard security patches on the second Tuesday of every month. For many of our customers, the predictable schedule facilitates better planning and management of IT resources, allowing them to allocate time and personnel efficiently for the timely updates.

Today, fixes have been released for the Ivanti solutions detailed below.

It is important for customers to know:

• We have no evidence of any of these vulnerabilities being exploited in the wild.
• These vulnerabilities do not impact any other Ivanti products.

More information on these vulnerabilities and detailed instructions on how to remediate the issues can be found in these Security Advisories:

• Ivanti Avalanche
• Ivanti Application Control Engine (AC Engine is present on Ivanti Application Control, Ivanti Neurons for App Control and can integrate with Ivanti Security Controls and Ivanti Endpoint Manager).
• Ivanti EPM

Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required).

Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.

At Ivanti, our mission is to empower customers to defend their environments in an evolving and increasingly sophisticated threat landscape. This includes providing industry-leading products, transparent communication, and sophisticated tools to help to protect and fortify networks. Central to this mission is a culture of transparency and responsiveness, especially when facing a security issue. This is essential for the health and security of the entire industry and the organizations we serve.

To this end, we are issuing an important security update addressing recently identified vulnerabilities for Ivanti Connect Secure, Policy Secure and Neurons for ZTA gateways. We are reporting the vulnerabilities as CVE-2025-0282 and CVE-2025-0283. A fix is available now in our standard download portal.

We are aware of a limited number of customers’ Ivanti Connect Secure appliances which have been exploited by CVE-2025-0282 at the time of disclosure. We are not aware of these CVEs being exploited in Ivanti Policy Secure or Neurons for ZTA gateways.

Threat actor activity was identified by the Integrity Checker Tool (ICT) on the same day it occurred, enabling Ivanti to respond promptly and rapidly develop a fix. We continue to work closely with affected customers, external security partners, and law enforcement agencies as we respond to this threat. We strongly advise all customers to closely monitor their internal and external ICT as a part of a robust and layered approach to cybersecurity to ensure the integrity and security of the entire network infrastructure.

We have made additional resources and support teams available to assist customers in implementing the patch and addressing any concerns. Information is available in this Security Advisory on how to apply the fix and the nature of the threat so that customers can protect their environment.

Thank you to our customers and security partners for their engagement and support, which enabled our swift detection and response to this issue. We remain committed to continuously improving our products and processes through collaboration and transparency with our stakeholders and the broader security ecosystem.  

This incident serves as a reminder of the importance of continuous monitoring and proactive and layered security measures, particularly for edge devices (such as VPNs) which provide an essential service as the initial access point to a corporate network – but which are also highly appealing to attackers.  

Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required).

Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.

In today’s digital era the importance of maintaining secure software cannot be overstated. Ivanti is dedicated to providing secure solutions and we prioritize security throughout the development lifecycle. We employ rigorous testing and validation methodologies to identify and mitigate potential vulnerabilities. Our vulnerability management program is designed to identify, fix and disclose vulnerabilities in collaboration with the broader security ecosystem, ensuring responsible and transparent communication with our customers.

In recent months, we have intensified our internal scanning, manual exploitation and testing capabilities, and have also made improvements to our responsible disclosure process so that we can promptly discover and address potential issues – this has created a natural and intended increase in disclosure.

Ivanti has begun releasing standard security patches on the second Tuesday of every month. For many of our customers, the predictable schedule facilitates better planning and management of IT resources, allowing them to allocate time and personnel efficiently for the timely updates.

We understand that secure software is not just a feature but a fundamental requirement in delivering reliable and trustworthy solutions. Ivanti remains steadfast in its mission to deliver secure, innovative, and effective products that our customers can rely on with confidence.

Today, fixes have been released for the Ivanti solutions detailed below.

It is important for customers to know:

• We have no evidence of any of these vulnerabilities being exploited in the wild.

More information on these vulnerabilities and detailed instructions on how to remediate the issues can be found in these Security Advisories:

• Ivanti Cloud Service Application
• Ivanti Desktop and Server Management (DSM)
• Ivanti Connect Secure and Policy Secure
• Ivanti Sentry
• Ivanti Patch SDK (also affecting Ivanti Endpoint Manager (EPM), Ivanti Security Controls, Ivanti Neurons Agent, Ivanti Neurons for Patch Management, and Ivanti Patch for Configuration Manager)

Update December 11, 2025: fixes have been released for the following solutions.

• Ivanti Application Control
• Ivanti Automation
• Ivanti Workspace Control
• Ivanti Performance Manager
• Ivanti Security Controls (iSec)

Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required).

Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.

At Ivanti, our top priority is upholding our commitment to deliver and maintain secure products for our customers. Our vulnerability management program is designed to enable us to find, fix and disclose vulnerabilities in collaboration with the broader security ecosystem, and communicate responsibly and transparently with customers.

Ivanti is making a large investment in Secure by Design across our organization and signed the CISA Secure by Design pledge in May. You can follow along with our progress here.

Today, fixes have been released for the following Ivanti solutions: Ivanti Endpoint Manager (EPM), Ivanti Avalanche, Ivanti Connect Secure, Ivanti Policy Secure and Ivanti Security Access Client.

It is important for customers to know:

• We have no evidence of any of these vulnerabilities being exploited in the wild.
• These vulnerabilities do not impact any other Ivanti products or solutions.

More information on these vulnerabilities and detailed instructions on how to remediate the issues can be found in these Security Advisories:

• Ivanti EPM
• Ivanti Avalanche
• Ivanti Connect Secure, Ivanti Policy Secure and Ivanti Security Access Client

Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required).

Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.

At Ivanti, our top priority is upholding our commitment to deliver and maintain secure products for our customers. Our vulnerability management program is designed to enable us to find, fix and disclose vulnerabilities in collaboration with the broader security ecosystem, and communicate responsibly and transparently with customers.

In recent months, we have intensified our internal scanning, manual exploitation and testing capabilities, and have additionally made improvements to our responsible disclosure process so that we can promptly discover and address potential issues.

Ivanti is making a large investment in Secure by Design across our organization and signed the CISA Secure by Design pledge in May. You can follow along with our progress here.

Today, fixes have been released for the following Ivanti solutions: Ivanti Endpoint Manager Mobile (EPMM), Ivanti Cloud Service Application (CSA), Ivanti Velocity License Server, Ivanti Connect Secure and Policy Secure, and Ivanti Avalanche.

It is important for customers to know:

• We are aware of a limited number of customers running CSA 4.6 patch 518 and prior who have been exploited when CVE-2024-9379 or CVE-2024-9380 are chained with CVE-2024-8963. We have not observed these vulnerabilities being exploited in any version of CSA 5.0.
• We have no evidence of any other vulnerabilities being exploited in the wild.
• These vulnerabilities do not impact any other Ivanti products or solutions.

More information on these vulnerabilities and detailed instructions on how to remediate the issues can be found in these Security Advisories:

• Ivanti EPMM
• Ivanti CSA
• Ivanti Velocity License Server
• Ivanti Avalanche
• Ivanti Connect Secure/Policy Secure

Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required).

Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.

At Ivanti, our top priority is upholding our commitment to deliver and maintain secure products for our customers. Our vulnerability management program is designed to enable us to find, fix and transparently disclose vulnerabilities in collaboration with the broader security ecosystem. Ivanti views complete and accurate CVE disclosures as an important part of maintaining secure software.   

To that end, we are disclosing a vulnerability in Ivanti Cloud Service Appliance 4.6 which was incidentally resolved in the patch released 10 September.  

It is important for customers to know: 

• We are aware of a limited number of customers who have been exploited by this vulnerability. 
• This vulnerability does not impact any other Ivanti products or solutions. 
• Ivanti CSA 4.6 is end-of-life and Ivanti strongly recommends that customers transition to Ivanti CSA 5.0 as it is supported and is not affected by this vulnerability. 

More information on this vulnerability and detailed instructions on how to remediate the issue can be found in this Security Advisory. 

Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required). 

Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program. 

At Ivanti, our top priority is upholding our commitment to deliver and maintain secure products for our customers. Our vulnerability management program is designed to enable us to find, fix and disclose vulnerabilities in collaboration with the broader security ecosystem, and communicate responsibly and transparently with customers.

In recent months, we have intensified our internal scanning, manual exploitation and testing capabilities, and have additionally made improvements to our responsible disclosure process so that we can promptly discover and address potential issues. This has caused a spike in discovery and disclosure, and we agree with CISAs statement that the responsible discovery and disclosure of CVEs is “a sign of healthy code analysis and testing community.”

Ivanti is making a large investment in Secure by Design across our organization and signed the CISA Secure by Design pledge in May. You can follow along with our progress here.

Today, fixes have been released for the following Ivanti solutions: Ivanti Endpoint Manager (EPM), Ivanti Cloud Service Appliance (CSA) 4.6 and Ivanti Workspace Control (IWC).

It is important for customers to know:

• We have no evidence of these vulnerabilities being exploited in the wild.
• These vulnerabilities do not impact any other Ivanti products or solutions.

More information on these vulnerabilities and detailed instructions on how to remediate the issues can be found in these Security Advisories:

• Ivanti Endpoint Manager
• Ivanti CSA 4.6
• Ivanti Workspace Control (IWC)

Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required).

Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.

At Ivanti, our top priority is upholding our commitment to deliver and maintain secure products for our customers. We invest significant resources to ensure that all our solutions continue to meet our own high standards and industry best practices.  We continue to implement important security enhancements that will better enable us to anticipate, prevent, and protect against future threats. This includes improvements to our vulnerability management program to enable us to find, fix and disclose vulnerabilities in collaboration with the broader security ecosystem, and communicate responsibly and transparently with customers.

Today, fixes have been released for the following solutions: Ivanti Neurons for ITSM, Ivanti Avalanche and Ivanti Virtual Traffic Manager (vTM).

It is important for customers to know:

• We have no evidence of these vulnerabilities being exploited in the wild.
• These vulnerabilities do not impact any other Ivanti products or solutions.

More information on these vulnerabilities and detailed instructions on how to remediate the issues can be found in these Security Advisories:

• Ivanti Neurons for ITSM
• Ivanti Avalanche
• Ivanti Virtual Traffic Manager (vTM)

Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required).

Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.

At Ivanti, our top priority is upholding our commitment to deliver and maintain secure products for our customers. We invest significant resources to ensure that all our solutions continue to meet our own high standards and industry best practices.  We continue to implement important security enhancements that will better enable us to anticipate, prevent, and protect against future threats. This includes improvements to our vulnerability management program to enable us to find, fix and disclose vulnerabilities in collaboration with the broader security ecosystem, and communicate responsibly and transparently with customers.

Today, fixes have been released for the following solutions: Ivanti Endpoint Manager (EPM), Ivanti Endpoint Manager for Mobile (EPMM) and Ivanti Docs@Work for Android.

It is important for customers to know:

• We have no evidence of these vulnerabilities being exploited in the wild.
• These vulnerabilities do not impact any other Ivanti products or solutions.

More information on these vulnerabilities and detailed instructions on how to remediate the issues can be found in these Security Advisories: 

• Ivanti Endpoint Manager (EPM)
• Ivanti Endpoint Manager for Mobile (EPMM)
• Ivanti Docs@Work for Android

Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required).

Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.