Ivanti has released the following three security advisories addressing vulnerabilities in multiple products.
Security Advisory Ivanti Avalanche (Multiple CVEs) – Q4 2024 Release Ivanti Avalanche is a mobile device management solution and is used to remotely manage, deploy software, and schedule updates for enterprise mobile devices. Successful exploitation of five of the vulnerabilities could lead to denial-of-service (DoS) and one vulnerability could lead to information disclosure. All are rated with a CVSSv3 score of 7.5. Ivanti reports there is no known exploitation of these vulnerabilities.
Read more…
Source: NHS Digital
Related:
- Progress Software Releases Critical Security Updates for MOVEit Transfer and MOVEit Gateway
June 26, 2024
Progress (formerly Ipswitch) has released a security update for two critical vulnerabilities found in the SFTP module of the MOVEit Transfer (CVE-2024-5806) and MOVEit Gateway (CVE-2024-5805) applications. MOVEit is a managed secure file transfer tool. The improper authentication vulnerability known as CVE-2024-5806 has a CVSSv3 score of 9.1 and can lead to authentication bypass in MOVEit ...
- Microsoft Security Bulletin Coverage for June 2024
June 11, 2024
Microsoft’s June 2024 Patch Tuesday has 49 vulnerabilities, 24 of which are Elevation of Privilege. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of June 2024 and has produced coverage for seven of the reported vulnerabilities. Read more… Source: Sonicwall Sign up for our Newsletter Related:
- Critical Path Traversal Vulnerability in Check Point Security Gateways (CVE-2024-24919)
June 5, 2024
The SonicWall Capture Labs threat research team became aware of an exploited-in-the-wild information disclosure vulnerability affecting the Check Point Security Gateways. Identified as CVE-2024-24919 and given a CVSSv3 score of 8.6, the vulnerability is more severe than it initially appears. While labeled as a sensitive information disclosure vulnerability, it is actually a path traversal attack leading ...
- The impact of legacy vulnerabilities in today’s cybersecurity landscape
June 4, 2024
Of the top five most widely used network attacks against SMBs, the ‘newest’ vulnerability represented were nearly three years old, while the oldest were over a decade old – which is primitive when considering the modern threat environment. The results are a clear reminder for CISOs and cybersecurity leaders that they must assess organizational threats based ...
- Confluence Data Center and Server Remote Code Execution Vulnerability
May 30, 2024
The SonicWall Capture Labs threat research team became aware of a remote code execution vulnerability in the Atlassian Confluence Data Center and Server, assessed its impact and developed mitigation measures. Confluence Server is a software to manage documentation and knowledge bases with an ubiquitous presence across the globe. Identified as CVE-2024-21683, Confluence Data Center and Server ...
- HHS puts $50M toward hospitals’ ransomware fight
May 20, 2024
A new agency within the National Institutes of Health is launching a $50 million initiative to develop tools for hospital IT teams that enhance their cybersecurity measures and resources to combat ransomware. On May 20, the Advanced Research Projects Agency for Health introduced its Universal PatchinG and Remediation for Autonomous DEfense, or UPGRADE, program. “What if ...