Ivanti has released the following three security advisories addressing vulnerabilities in multiple products.
Security Advisory Ivanti Avalanche (Multiple CVEs) – Q4 2024 Release Ivanti Avalanche is a mobile device management solution and is used to remotely manage, deploy software, and schedule updates for enterprise mobile devices. Successful exploitation of five of the vulnerabilities could lead to denial-of-service (DoS) and one vulnerability could lead to information disclosure. All are rated with a CVSSv3 score of 7.5. Ivanti reports there is no known exploitation of these vulnerabilities.
Read more…
Source: NHS Digital
Related:
- Apple fixes recently disclosed zero-days on older iPhones and iPads
April 10, 2023
Apple has released emergency updates to backport security patches released on Friday, addressing two actively exploited zero-day flaws also affecting older iPhones, iPads, and Macs. “Apple is aware of a report that this issue may have been actively exploited,” the company said in security advisories published on Monday. Read more… Source: Bleeping Computer
- Apple fixes two zero-days exploited to hack iPhones and Macs
April 7, 2023
Apple has released emergency security updates to address two new zero-day vulnerabilities exploited in attacks to compromise iPhones, Macs, and iPads. “Apple is aware of a report that this issue may have been actively exploited,” the company said when describing the issues in security advisories published on Friday. Read more… Source: Bleeping Computer
- CVE-2023-23397 – Microsoft Outlook Privilege Escalation
March 31, 2023
On March 14, 2023, Microsoft released a patch for CVE-2023-23397. CVE-2023-23397 is a vulnerability in the Windows Microsoft Outlook client that can be exploited by sending a specially crafted email that triggers automatically when it is processed by the Outlook client. No user interaction is required to trigger the exploit. Exploitation of the vulnerability will leak ...
- Apple Releases Security Updates for Multiple Products
March 28, 2023
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the following advisories and apply the necessary updates. Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency
- Patch CVE-2023-23397 Immediately: What You Need To Know and Do
March 21, 2023
CVE-2023-23397 is a critical privilege elevation/authentication bypass vulnerability in Outlook, released as part of the March Patch Tuesday set of fixes. The vulnerability, which affects all versions of Windows Outlook, was given a 9.8 CVSS rating and is one of two zero-day exploits disclosed on March 14. Trend Micro researchers summarize the points that security teams ...
- Hands up who DIDN’T exploit this years-old flaw to ransack a US govt web server…
March 15, 2023
Multiple criminals, including at least potentially one nation-state group, broke into a US federal government agency’s Microsoft Internet Information Services web server by exploiting a critical three-year-old Telerik bug to achieve remote code execution. The snafu happened between November 2022 and early January, according to a joint alert from the FBI, CISA, and America’s Multi-State Information ...