Safeguard
Tag

ivanti

Safeguard articles tagged "ivanti" — guides, analysis, and best practices for software supply chain and application security.

9 articles

Vulnerability Analysis

Ivanti Connect Secure CVE-2024-21887 Explained: Command Injection in a Two-Bug Chain

CVE-2024-21887 is a command injection in Ivanti Connect Secure that, chained with the auth bypass CVE-2023-46805, gave attackers unauthenticated RCE. Here is the timeline, root cause, and patched versions.

Jul 8, 20266 min read
Vulnerability Analysis

Ivanti EPMM CVE-2026-6973: Authenticated RCE on CISA KEV in May 2026

Ivanti disclosed CVE-2026-6973 on May 7, 2026, an improper-input-validation RCE in Endpoint Manager Mobile already seeing limited exploitation. CISA gave federal agencies a three-day patch deadline.

May 8, 202610 min read
Threat Intelligence

UNC5221 Ivanti Exploitation Campaign Analysis

UNC5221 chained Ivanti Connect Secure zero-days through 2024 and 2025. The campaign reads like a masterclass in living off trusted edge appliances.

Mar 13, 20267 min read
Vulnerability Response

CVE-2025-22462 in Ivanti Neurons for ITSM: Patch Posture & SBOM Response

Ivanti Neurons for ITSM auth bypass scored CVSS 9.8 and grants full admin access. Defender playbook for the ITSM patching emergency.

May 15, 20256 min read
Vulnerability Analysis

Ivanti Connect Secure CVE-2025-22457: Another Critical Zero-Day, Same Product

A stack-based buffer overflow in Ivanti Connect Secure was exploited by Chinese threat actors just months after the previous zero-day in the same product. The vulnerability was initially misclassified as low-risk.

Apr 3, 20255 min read
Vulnerability Analysis

Ivanti Connect Secure Zero-Day: CVE-2025-0282 Under Active Exploitation

A stack-based buffer overflow in Ivanti Connect Secure allowed unauthenticated remote code execution. Chinese threat actors exploited it before any patch existed.

Jan 8, 20255 min read
Vulnerability Analysis

Ivanti Cloud Services Appliance CVE-2024-8963: Chained Exploitation

Ivanti's Cloud Services Appliance faced chained zero-day exploitation in September 2024, with attackers combining path traversal and command injection for unauthenticated RCE.

Sep 13, 20246 min read
Vulnerability Analysis

Ivanti Connect Secure Zero-Day: CVE-2024-21887 and CVE-2023-46805 Exploited in the Wild

Two chained zero-days in Ivanti Connect Secure VPN appliances gave attackers unauthenticated remote code execution. Here's what happened and why perimeter devices remain a favorite target.

Jan 10, 20245 min read
Vulnerability Analysis

Ivanti EPMM Zero-Day CVE-2023-35078: Norwegian Government Breach

A critical authentication bypass in Ivanti's Endpoint Manager Mobile was exploited to breach Norwegian government agencies, earning a perfect CVSS 10.0 score.

Aug 8, 20234 min read
ivanti — Safeguard Blog