At Ivanti, our top priority is upholding our commitment to deliver and maintain secure products for our customers. Our vulnerability management program is designed to enable us to find, fix and disclose vulnerabilities in collaboration with the broader security ecosystem, and communicate responsibly and transparently with customers.

In recent months, we have intensified our internal scanning, manual exploitation and testing capabilities, and have additionally made improvements to our responsible disclosure process so that we can promptly discover and address potential issues. This has caused a spike in discovery and disclosure, and we agree with CISAs statement that the responsible discovery and disclosure of CVEs is “a sign of healthy code analysis and testing community.”

Ivanti is making a large investment in Secure by Design across our organization and signed the CISA Secure by Design pledge in May. You can follow along with our progress here.

Today, fixes have been released for the following Ivanti solutions: Ivanti Endpoint Manager (EPM), Ivanti Cloud Service Appliance (CSA) 4.6 and Ivanti Workspace Control (IWC).

It is important for customers to know:

  • We have no evidence of these vulnerabilities being exploited in the wild.
  • These vulnerabilities do not impact any other Ivanti products or solutions.

More information on these vulnerabilities and detailed instructions on how to remediate the issues can be found in these Security Advisories:

Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required).

Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.