Summary
Ivanti patched a high-severity authentication bypass (CVE-2026-1603) and a SQL injection flaw (CVE-2026-1602) in its Endpoint Manager software that could allow attackers to steal credentials and sensitive database information.
Take Action:
If you are using Ivanti EPM, one more patch cycle. Plan a quick update to Ivanti EPM instance to version 2024 SU5 or later. If possible, make sure your management servers are not exposed directly to the public internet.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)