Cyber Web Spider Blog – News

Critical Ivanti Update Fixes Endpoint Manager Vulnerabilities

Posted on February 10, 2026 By CWS

Ivanti’s Response to Critical Security Flaws

Ivanti has released crucial security updates for its Endpoint Manager (EPM) platform, addressing two significant vulnerabilities that posed a risk of unauthorized access to sensitive data and potential compromise of user credentials. These updates, included in the 2024 SU5 version, also resolve 11 medium-severity vulnerabilities previously identified in October 2025.

Details of the Security Vulnerabilities

The security advisory from Ivanti identifies two primary vulnerabilities of concern. The first, known as CVE-2026-1603, is an authentication bypass issue with a CVSS score of 8.6, categorized as High severity. This flaw allows remote attackers to access stored credential data without requiring authentication, posing a significant risk due to its ease of exploitation over a network.

The second vulnerability, CVE-2026-1602, rated with a CVSS score of 6.5 (Medium), involves a SQL injection flaw. This weakness enables remote authenticated users to read arbitrary data from the database, potentially exposing sensitive organizational information. Although this vulnerability affects data confidentiality, it does not compromise system integrity or availability.

Implications for Enterprise Security

Organizations using Ivanti Endpoint Manager version 2024 SU4 SR1 and earlier are at risk from these vulnerabilities. The issues affect core authentication and database query mechanisms, making them particularly concerning for enterprises managing multiple endpoints. The authentication bypass vulnerability is especially alarming due to its potential to provide attackers with initial access to credential stores without prior authentication.

Ivanti has released the patched version, EPM 2024 SU5, through its Ivanti License System (ILS), urging administrators to apply the update immediately to mitigate potential risks. The company has reported that it observed no active exploitation before the vulnerabilities were publicly disclosed. The vulnerabilities were identified through Ivanti’s responsible disclosure program.
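To turn the version boundaries above into a triage step, the following added example (not code from Ivanti or from this article) sorts an inventory of EPM core servers into affected, patched and needs-review. It assumes release labels are written the way the article writes them ("2024 SU4 SR1"); the hostnames and sample labels are constructed.

```python
import re

# Boundaries taken from the article: 2024 SU4 SR1 and earlier are affected,
# 2024 SU5 carries the fixes.
LAST_AFFECTED = (2024, 4, 1)
FIRST_FIXED = (2024, 5, 0)

# Assumed label shape, following the article's wording: "<year> [SU<n>] [SR<n>]".
_LABEL = re.compile(
    r"^\s*(?:EPM\s+)?(\d{4})(?:\s+SU\s*(\d+))?(?:\s+SR\s*(\d+))?\s*$",
    re.IGNORECASE,
)

def parse_label(label):
    """Return (year, su, sr) for a release label, or None if it does not match."""
    m = _LABEL.match(label or "")
    if not m:
        return None
    year, su, sr = m.groups()
    return (int(year), int(su or 0), int(sr or 0))

def classify(label):
    """Return 'affected', 'patched' or 'review' for one release label."""
    key = parse_label(label)
    if key is None:
        return "review"      # unknown format: never assume it is safe
    if key <= LAST_AFFECTED:
        return "affected"
    if key >= FIRST_FIXED:
        return "patched"     # assumes releases after 2024 SU5 keep the fixes
    return "review"          # between the two boundaries: not covered by the article

def triage(inventory):
    """Group hosts by status; inventory maps host name -> release label."""
    result = {"affected": [], "patched": [], "review": []}
    for host, label in sorted(inventory.items()):
        result[classify(label)].append(host)
    return result

# Constructed sample inventory (hostnames and labels are made up for the example).
SAMPLE = {
    "epm-core-01": "2024 SU4 SR1", "epm-core-02": "2024 SU5",
    "epm-core-03": "2022 SU8", "epm-core-04": "EPM 2024",
    "epm-core-05": "11.0.6.1234", "epm-core-06": "2024 SU4 SR2",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status:9} {', '.join(hosts) or '-'}")
```

Labels that do not parse, or that fall between the two boundaries, land in the review bucket so that an unfamiliar build string is never counted as patched.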

Collaborative Efforts and Future Outlook

The vulnerabilities were discovered by a security researcher collaborating with the Trend Zero Day Initiative, and Ivanti has publicly acknowledged the researcher’s contributions. This highlights the importance of collaboration with the security community to maintain the integrity of enterprise software.

Although there is no known exploitation in the wild, the disclosure of technical details increases the urgency for organizations to deploy these patches. Enterprises using Ivanti Endpoint Manager are advised to prioritize updating to version 2024 SU5 and to conduct thorough security audits to ensure no unauthorized access occurred prior to patching.

Ivanti continues to encourage the reporting of vulnerabilities through its official channels and remains committed to enhancing its products’ security.
