Ivanti releases standard security patches on the second Tuesday of every month. Ivanti vulnerability management program is central to the commitment to maintaining secure products. With philosophy that is simple: discovering and communicating vulnerabilities, and sharing that information with defenders, is not an indication of weakness; rather it is evidence of rigorous scrutiny and a proactive vulnerability management program. By aggressively seeking to identify and address vulnerabilities, Ivanti aim is to get ahead of threat actors to ensure all customers can take the steps needed to protect their environments.
Ivanti believe that responsible transparency helps protect all customers, and that CVE disclosures are an essential and effective tool to communicate software vulnerabilities. The purpose of assigning a CVE is to provide a beacon to security teams and signal the need for urgent updates.
To that end, today Ivanti is disclosing vulnerabilities in Ivanti Desktop and Server Management (DSM).
It is important for customers to know:
- Ivanti have no evidence of this vulnerability being exploited in the wild.
- This vulnerability does not impact any other Ivanti solutions.
- More information on this vulnerability and detailed instructions on how to remediate the issues can be found here.
CSP Global Support team is always available to help customers and partners should they have any questions. Cases can be logged via support@cspglobal.com