Critical security warning: Ivanti Endpoint Manager under fire!
Critical security warning: Ivanti Endpoint Manager under fire!
BSI, Deutschland - The IT world is currently facing a new security scandal that makes many companies listen to. According to b2B cyber security there are questionable weaknesses in the Ivanti endpoint manager, a software that serves to central administration of user profiles and devices. This warning of the BSI has it tough: the security gaps are not only diverse, they also represent a significant danger to the integrity of numerous systems.
In July 2025, a critical security report was published, which particularly affects the versions EPM 2024 SU2 and EPM 2022 SU8. The weaknesses include SQL injection, denial of service and privileges from uncertain memory access. It is once more evident how important it is to install security updates promptly to minimize such dangers.
a deeper look at the threat
The security report, which was already updated on April 21, 2025, lists the risks associated with the existing weaknesses. The risk of attack should not be underestimated, because remote attacks are possible and could lead to the attacker data manipulating, performing any code or even causing denial-of service states. The risk level of this security gap is classified as high, with a CVSS base score of 8.2 and a temporary score of 7.1, which does not exactly calm.
The affected products include variants of the Ivanti Endpoint Manager, which are younger than EPM 2022 SU7 and those that are older than EPM 2024 SU1. Companies are therefore well advised to bring the software up to date and contact the responsible administrator if you have any questions, as is also the case in the report from news.de is.
The role of CVE and CVSS in weakness management
In this context, it is exciting to look at how security -relevant vulnerabilities are rated at all. The systems CVE (Common Vulnerabilities and Exposures) and CVSS (Common Vulnerability Scoring System) are of central importance. As n -able , CVS is used to identify security gaps, while CVSS determines its difficulty. The CVSS score ranges from 0.0 to 10.0 and takes into account various influencing factors such as the attack vector and the privileges required for a successful attack.
It becomes clear that effective weakness management is hardly possible without the integration of this data. In today's world, in which cyber attacks are increasingly gaining complexity and speed, it is essential to regularly carry out security updates and to consider current ratings of the threat situation.
In conclusion, it remains to be said that the Ivanti Endpoint Manager got into the crossfire due to these current security gaps. Companies should act urgently and secure their systems so as not to become the next victim of a cyber attack. Because what's the name of? Anyone who is prepared has already won.Details | |
---|---|
Ort | BSI, Deutschland |
Quellen |
Kommentare (0)