Ivanti Patches Critical Vulnerabilities in Endpoint Manager (EPM) Platform
Ivanti has released urgent security updates for its Endpoint Manager (EPM) platform, addressing two critical vulnerabilities that could expose sensitive database information and user credentials. The patches, included in EPM 2024 SU5, also resolve 11 medium-severity flaws previously disclosed in October 2025.
The most severe issue, CVE-2026-1603 (CVSS 8.6), is an authentication bypass flaw allowing remote, unauthenticated attackers to leak stored credential data without user interaction. The second vulnerability, CVE-2026-1602 (CVSS 6.5), is a SQL injection flaw enabling authenticated attackers to read arbitrary database data, though it does not impact system integrity or availability.
Both vulnerabilities affect Ivanti EPM versions 2024 SU4 SR1 and earlier, with the patched 2024 SU5 now available via the Ivanti License System (ILS). Ivanti confirmed that no active exploitation was detected prior to disclosure, as the flaws were reported through its responsible disclosure program by security researcher 06fe5fd2bc53027c4a3b7e395af0b850e7b8a044, in collaboration with the Trend Zero Day Initiative.
While Ivanti reports no known exploitation in the wild, the public release of technical details heightens the risk of future attacks. Organizations using affected versions are advised to apply the update immediately and review systems for potential unauthorized access. The vulnerabilities highlight persistent risks in enterprise endpoint management, particularly for platforms handling privileged credentials.
Source: https://cybersecuritynews.com/multiple-ivanti-endpoint-manager-vulnerability/
Ivanti cybersecurity rating report: https://www.rankiteo.com/company/ivanti
"id": "IVA1770746108",
"linkid": "ivanti",
"type": "Vulnerability",
"date": "10/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Cybersecurity/Endpoint Management',
'name': 'Ivanti',
'type': 'Company'}],
'attack_vector': ['Remote', 'Unauthenticated', 'Authenticated'],
'customer_advisories': 'Organizations using affected versions are advised to '
'apply the update immediately and review systems for '
'potential unauthorized access.',
'data_breach': {'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Sensitive database information',
'User credentials']},
'description': 'Ivanti has released urgent security updates for its Endpoint '
'Manager (EPM) platform, addressing two critical '
'vulnerabilities that could expose sensitive database '
'information and user credentials. The patches, included in '
'EPM 2024 SU5, also resolve 11 medium-severity flaws '
'previously disclosed in October 2025. The most severe issue, '
'CVE-2026-1603 (CVSS 8.6), is an authentication bypass flaw '
'allowing remote, unauthenticated attackers to leak stored '
'credential data without user interaction. The second '
'vulnerability, CVE-2026-1602 (CVSS 6.5), is a SQL injection '
'flaw enabling authenticated attackers to read arbitrary '
'database data, though it does not impact system integrity or '
'availability.',
'impact': {'data_compromised': ['Sensitive database information',
'User credentials'],
'systems_affected': ['Ivanti Endpoint Manager (EPM)']},
'investigation_status': 'Completed',
'post_incident_analysis': {'corrective_actions': ['Released EPM 2024 SU5 '
'patch'],
'root_causes': ['Authentication bypass flaw '
'(CVE-2026-1603)',
'SQL injection flaw '
'(CVE-2026-1602)']},
'recommendations': ['Apply the EPM 2024 SU5 update immediately',
'Review systems for potential unauthorized access'],
'references': [{'source': 'Ivanti Security Advisory'},
{'source': 'Trend Zero Day Initiative'}],
'response': {'containment_measures': ['Security updates (EPM 2024 SU5)'],
'remediation_measures': ['Apply EPM 2024 SU5 patch']},
'title': 'Ivanti Patches Critical Vulnerabilities in Endpoint Manager (EPM) '
'Platform',
'type': ['Authentication Bypass', 'SQL Injection'],
'vulnerability_exploited': ['CVE-2026-1603', 'CVE-2026-1602']}