Ivanti Releases Patch for Critical Vulnerability in Endpoint Manager Solution


Ivanti has published security updates to fix a critical vulnerability affecting its Endpoint Manager (EPM) solution. If successfully exploited, the flaw could lead to remote code execution (RCE) on vulnerable servers.

The vulnerability, tracked as CVE-2023-39336, has received a CVSS score of 9.6 out of 10. The flaw affects EPM 2022 and EPM 2021 before SU5. “If exploited, an attacker with access to the internal network can leverage an unspecified SQL injection to execute arbitrary SQL queries and retrieve output without the need for authentication,” Ivanti stated in a security advisory.
