
Ivanti has rolled out security updates to address several security flaws impacting Avalanche, Application Control Engine, and Endpoint Manager (EPM), including four critical bugs that could lead to information disclosure.
All four critical security flaws, rated 9.8 out of 10.0 on the CVSS scale, are rooted in EPM and concern instances of absolute path traversal that allow a remote unauthenticated attacker to leak sensitive information. The flaws are listed below:
- CVE-2024-10811
- CVE-2024-13161
- CVE-2024-13160, and
- CVE-2024-13159
The shortcomings affect EPM versions 2024 November security update and prior, and 2022 SU6 November security update and prior. They have been addressed in EPM 2024 January-2025 Security Update and EPM 2022 SU6 January-2025 Security Update.

Horizon3.ai security researcher Zach Hanley has been credited with discovering and reporting all four vulnerabilities in question.
Also patched by Ivanti are multiple high-severity bugs in Avalanche versions prior to 6.4.7 and Application Control Engine before version 10.14.4.0 that could permit an attacker to bypass authentication, leak sensitive information, and get around the application blocking functionality.
The company said it has no evidence that any of the flaws are being exploited in the wild, and that it has intensified its internal scanning and testing procedures to promptly flag and address security issues.
The development comes as SAP released fixes to resolve two critical vulnerabilities in its NetWeaver ABAP Server and ABAP Platform (CVE-2025-0070 and CVE-2025-0066, CVSS scores: 9.9) that allow an authenticated attacker to exploit improper authentication checks in order to escalate privileges and access restricted information due to weak access controls.
“SAP strongly recommends that the customer visits the Support Portal and applies patches on priority to protect their SAP landscape,” the company said in its January 2025 bulletin.