EPMM Security Update

Ivanti has released a critical security update addressing vulnerabilities within open-source libraries utilized by the on-premises Ivanti Endpoint Manager Mobile (EPMM) product. The vendor confirms that a limited number of customers have already experienced exploitation of these vulnerabilities, highlighting an active threat against affected environments. Importantly, cloud-based solutions such as Ivanti Neurons for MDM and Ivanti Sentry remain unaffected. The primary impact involves potential unauthorized access to on-premises management infrastructure, posing significant risks to endpoint security posture. Ivanti urges all customers operating on-prem EPMM to immediately apply the provided patch to mitigate risks. Additional support resources and detailed technical advisories are available via the Ivanti Success portal and security advisory pages. Organizations should prioritize patching to prevent further compromise, as the confirmed exploitation indicates active targeting by threat actors leveraging these specific library weaknesses within the EPMM architecture.

At Ivanti, transparency is a cornerstone of our commitment to customer security and trust. It is through such transparency that vulnerabilities are swiftly addressed, allowing our customers and the broader ecosystem to take proactive measures to safeguard their environments amidst a rapidly evolving and highly sophisticated threat landscape. To this end, we are issuing an important security update addressing vulnerabilities associated with open-source libraries used in Ivanti Endpoint Manager Mobile (EPMM). We have provided an FAQ below and in the Security Advisory . At the time of disclosure, we are aware of a very limited number of customers whose solution has been exploited. The issue only affects the on-prem EPMM product. It is not present in Ivanti Neurons for MDM, Ivanti’s cloud-based unified endpoint management solution, Ivanti Sentry, or any other Ivanti products. We urge all customers using the on-prem EPMM product to promptly install the patch. We have made additional resources and support teams available to assist customers in implementing the patch and addressing any concerns. Detailed information is available in our Security Advisory so that customers can protect their environment. Thank you to our customers and security partners for their engagement and support, which enabled our swift response to this issue. We remain committed to continuously improving our products and processes through collaboration and transparency with our stakeholders and the broader security ecosystem. Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required). Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.

Ivanti has released a critical security update addressing vulnerabilities within open-source libraries utilized by the on-premises Ivanti Endpoint Manager Mobile (EPMM) product. The vendor confirms that a limited number of customers have already experienced exploitation of these vulnerabilities, highlighting an active threat against affected environments. Importantly, cloud-based solutions such as Ivanti Neurons for MDM and Ivanti Sentry remain unaffected. The primary impact involves potential unauthorized access to on-premises management infrastructure, posing significant risks to endpoint security posture. Ivanti urges all customers operating on-prem EPMM to immediately apply the provided patch to mitigate risks. Additional support resources and detailed technical advisories are available via the Ivanti Success portal and security advisory pages. Organizations should prioritize patching to prevent further compromise, as the confirmed exploitation indicates active targeting by threat actors leveraging these specific library weaknesses within the EPMM architecture. At Ivanti, transparency is a cornerstone of our commitment to customer security and trust. It is through such transparency that vulnerabilities are swiftly addressed, allowing our customers and the broader ecosystem to take proactive measures to safeguard their environments amidst a rapidly evolving and highly sophisticated threat landscape. To this end, we are issuing an important security update addressing vulnerabilities associated with open-source libraries used in Ivanti Endpoint Manager Mobile (EPMM). We have provided an FAQ below and in the Security Advisory . At the time of disclosure, we are aware of a very limited number of customers whose solution has been exploited. The issue only affects the on-prem EPMM product. It is not present in Ivanti Neurons for MDM, Ivanti’s cloud-based unified endpoint management solution, Ivanti Sentry, or any other Ivanti products. We urge all customers using the on-prem EPMM product to promptly install the patch. We have made additional resources and support teams available to assist customers in implementing the patch and addressing any concerns. Detailed information is available in our Security Advisory so that customers can protect their environment. Thank you to our customers and security partners for their engagement and support, which enabled our swift response to this issue. We remain committed to continuously improving our products and processes through collaboration and transparency with our stakeholders and the broader security ecosystem. Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required). Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program. At Ivanti, transparency is a cornerstone of our commitment to customer security and trust. It is through such transparency that vulnerabilities are swiftly addressed, allowing our customers and the broader ecosystem to take proactive measures to safeguard their environments amidst a rapidly evolving and highly sophisticated threat landscape. To this end, we are issuing an important security update addressing vulnerabilities associated with open-source libraries used in Ivanti Endpoint Manager Mobile (EPMM). We have provided an FAQ below and in the Security Advisory . At the time of disclosure, we are aware of a very limited number of customers whose solution has been exploited. The issue only affects the on-prem EPMM product. It is not present in Ivanti Neurons for MDM, Ivanti’s cloud-based unified endpoint management solution, Ivanti Sentry, or any other Ivanti products. We urge all customers using the on-prem EPMM product to promptly install the patch. We have made additional resources and support teams available to assist customers in implementing the patch and addressing any concerns. Detailed information is available in our Security Advisory so that customers can protect their environment. Thank you to our customers and security partners for their engagement and support, which enabled our swift response to this issue. We remain committed to continuously improving our products and processes through collaboration and transparency with our stakeholders and the broader security ecosystem. Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required). Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.