At Ivanti, our top priority is upholding our commitment to deliver and maintain secure products for our customers. Our vulnerability management program is designed to enable us to find, fix and transparently disclose vulnerabilities in collaboration with the broader security ecosystem. Ivanti views complete and accurate CVE disclosures as an important part of maintaining secure software.   

To that end, we are disclosing a vulnerability in Ivanti Cloud Service Appliance 4.6 which was incidentally resolved in the patch released 10 September.  

It is important for customers to know: 

  • We are aware of a limited number of customers who have been exploited by this vulnerability. 
  • This vulnerability does not impact any other Ivanti products or solutions. 
  • Ivanti CSA 4.6 is end-of-life and Ivanti strongly recommends that customers transition to Ivanti CSA 5.0 as it is supported and is not affected by this vulnerability. 

More information on this vulnerability and detailed instructions on how to remediate the issue can be found in this Security Advisory

Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required). 

Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.