ivanti
Safeguard articles tagged "ivanti" — guides, analysis, and best practices for software supply chain and application security.
9 articles
Ivanti Connect Secure CVE-2024-21887 Explained: Command Injection in a Two-Bug Chain
CVE-2024-21887 is a command injection in Ivanti Connect Secure that, chained with the auth bypass CVE-2023-46805, gave attackers unauthenticated RCE. Here is the timeline, root cause, and patched versions.
Ivanti EPMM CVE-2026-6973: Authenticated RCE on CISA KEV in May 2026
Ivanti disclosed CVE-2026-6973 on May 7, 2026, an improper-input-validation RCE in Endpoint Manager Mobile already seeing limited exploitation. CISA gave federal agencies a three-day patch deadline.
UNC5221 Ivanti Exploitation Campaign Analysis
UNC5221 chained Ivanti Connect Secure zero-days through 2024 and 2025. The campaign reads like a masterclass in living off trusted edge appliances.
CVE-2025-22462 in Ivanti Neurons for ITSM: Patch Posture & SBOM Response
Ivanti Neurons for ITSM auth bypass scored CVSS 9.8 and grants full admin access. Defender playbook for the ITSM patching emergency.
Ivanti Connect Secure CVE-2025-22457: Another Critical Zero-Day, Same Product
A stack-based buffer overflow in Ivanti Connect Secure was exploited by Chinese threat actors just months after the previous zero-day in the same product. The vulnerability was initially misclassified as low-risk.
Ivanti Connect Secure Zero-Day: CVE-2025-0282 Under Active Exploitation
A stack-based buffer overflow in Ivanti Connect Secure allowed unauthenticated remote code execution. Chinese threat actors exploited it before any patch existed.
Ivanti Cloud Services Appliance CVE-2024-8963: Chained Exploitation
Ivanti's Cloud Services Appliance faced chained zero-day exploitation in September 2024, with attackers combining path traversal and command injection for unauthenticated RCE.
Ivanti Connect Secure Zero-Day: CVE-2024-21887 and CVE-2023-46805 Exploited in the Wild
Two chained zero-days in Ivanti Connect Secure VPN appliances gave attackers unauthenticated remote code execution. Here's what happened and why perimeter devices remain a favorite target.
Ivanti EPMM Zero-Day CVE-2023-35078: Norwegian Government Breach
A critical authentication bypass in Ivanti's Endpoint Manager Mobile was exploited to breach Norwegian government agencies, earning a perfect CVSS 10.0 score.