Ivanti has released the following three security advisories addressing vulnerabilities in multiple products.
Security Advisory Ivanti Avalanche (Multiple CVEs) – Q4 2024 Release Ivanti Avalanche is a mobile device management solution and is used to remotely manage, deploy software, and schedule updates for enterprise mobile devices. Successful exploitation of five of the vulnerabilities could lead to denial-of-service (DoS) and one vulnerability could lead to information disclosure. All are rated with a CVSSv3 score of 7.5. Ivanti reports there is no known exploitation of these vulnerabilities.
Read more…
Source: NHS Digital
Related:
- Cisco Fixes DoS, Authentication Bypass Vulnerabilities, OSPF Bug
August 3, 2017
Cisco fixed 15 vulnerabilities this week in more than a dozen products, including two high severity vulnerabilities that could have let an attacker trigger a denial of service condition or bypass local authentication. The more severe bugs fixed on Wednesday exist in the company’s Identity Services Engine and its Videoscape Distribution Suite. The bypass, which exists ...
- IBM Patches Reflected XSS in Worklight, MobileFirst
August 2, 2017
BM fixed a cross-site scripting vulnerability in two products last month that could have let an attacker execute malicious JavaScript code in a victim’s browser to steal sensitive information, or user credentials. The vulnerability (CVE-2017-1500) lingered in the products, Worklight and MobileFirst, for almost a year. Gabriele Gristina, a security consultant for the Italian information security ...
- Apple Patches BroadPwn Bug in iOS 10.3.3
July 20, 2017
Apple released iOS 10.3.3 Wednesday, which serves as a cumulative update that includes patches for multiple vulnerabilities including the high-profile BroadPwn bug that allowed an attacker to seize control of a targeted iOS device. BroadPwn was revealed earlier this month as a flaw in Broadcom Wi-Fi chipsets used in Apple and Android devices. Apple said the ...
- Oracle Releases Biggest Update Ever: 308 Vulnerabilities Patched
July 18, 2017
Oracle admins are today staring down the barrel of the biggest quarterly Critical Patch Update ever. The numbers are gory: 308 vulnerabilities patched, 165 of which are remotely exploitable, across more than 90 products. So far in 2017, Oracle has patched 878 vulnerabilities through three CPUs. System and network admins have never been taxed from a patching ...
- Critical RCE Vulnerability Found in Cisco WebEx Extensions, Again — Patch Now!
July 17, 2017
A highly critical vulnerability has been discovered in the Cisco Systems’ WebEx browser extension for Chrome and Firefox, for the second time in this year, which could allow attackers to remotely execute malicious code on a victim’s computer. Cisco WebEx is a popular communication tool for online events, including meetings, webinars and video conferences that help ...
- Siemens Patches Authentication Bypass Flaw in SiPass Server
July 14, 2017
A handful of vulnerabilities in Siemens’ SiPass integrated server have been patched, including one that allows an attacker to bypass authentication on the box. SiPass is the company’s integrated access control server managing physical access in a number of industries and use cases. The product supports card readers and integrates with video surveillance equipment, among other ...