At Ivanti, our top priority is upholding our commitment to deliver and maintain secure products. We continue to invest significant resources to ensure that all our solutions continue to meet our own high standards. In the best interests of our customers, we are always investigating, assessing, monitoring, and validating the security posture of our solutions. We collaborate with the broader security ecosystem to share intelligence and appreciate when we are made aware of issues via responsible disclosure from reputable sources.

As part of our ongoing strengthening of the security of our products we have discovered twenty new vulnerabilities in the Ivanti Avalanche on-premise product. We are reporting these vulnerabilities as the CVE numbers listed below.

These vulnerabilities impact all supported versions of the products – Avalanche versions 6.3.1 and above. Older versions/releases are also at risk.

This release corrects multiple memory corruption vulnerabilities, covered in these security advisories:

  • CVE-2023-41727
  • CVE-2023-46216
  • CVE-2023-46217
  • CVE-2023-46220
  • CVE-2023-46221
  • CVE-2023-46222
  • CVE-2023-46223
  • CVE-2023-46224
  • CVE-2023-46225
  • CVE-2023-46257
  • CVE-2023-46258
  • CVE-2023-46259
  • CVE-2023-46260
  • CVE-2023-46261
  • CVE-2023-46262
  • CVE-2023-46263
  • CVE-2021-22962
  • CVE-2023-46264
  • CVE-2023-46265
  • CVE-2023-46266

Upon learning of the vulnerabilities, we immediately mobilized resources to fix the problem and have fixes available now for all impacted versions. More detailed information can be found at the links below:

Our Support team is always available to help customers. Cases can be logged via the Success portal (login credentials required).

Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.