Ivanti has identified a critical flaw, CVE-2024-7593, in its Virtual Traffic Manager (vTM), which scores 9.8 on the CVSS scale, allowing remote attackers to bypass authentication.
To address this vulnerability, Ivanti recommends limiting admin access to the management interface and applying the latest fixes immediately, despite no evidence of real-world exploitation yet.
The flaw impacts multiple versions of vTM, with appropriate patches scheduled for release by August 19, 2024, specifically for versions 22.3, 22.5R1, and 22.6R1.
Ivanti also dealt with vulnerabilities in Neurons for ITSM, including CVE-2024-7569, which allows unauthenticated attacks leading to information disclosure, and CVE-2024-7570, related to certificate validation.
Collection
[
|
...
]