Critical Vulnerabilities in Ivanti Endpoint Manager Expose Sensitive Data
Ivanti has addressed two significant security vulnerabilities in its Endpoint Manager (EPM) platform that could allow unauthorized access to sensitive database information and stored user credentials. The vulnerabilities, tracked as CVE-2026-1603 and CVE-2026-1602, are fixed in the latest release, version 2024 SU5.
Overview of the Vulnerabilities
The first vulnerability, CVE-2026-1603, is an authentication bypass flaw with a CVSS score of 8.6, rated high severity. It enables remote, unauthenticated attackers to read specific stored credential data, with no user interaction required. The flaw is classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel).
The second vulnerability, CVE-2026-1602, is a SQL injection issue with a CVSS score of 6.5, rated medium severity. It allows remote, authenticated attackers to read arbitrary data from the database, potentially exposing sensitive organizational information. The flaw affects data confidentiality only; it does not impact system integrity or availability.
Affected Versions and Resolutions
Ivanti Endpoint Manager versions 2024 SU4 SR1 and earlier are affected by both vulnerabilities. The issues are resolved in version 2024 SU5, which is available through the Ivanti License System (ILS). Administrators are strongly encouraged to apply this update promptly.
Discovery and Reporting
These vulnerabilities were discovered by security researcher 06fe5fd2bc53027c4a3b7e395af0b850e7b8a044, in collaboration with Trend Zero Day Initiative. Ivanti has publicly acknowledged the researcher’s contribution and emphasized its commitment to working with the security community to maintain product integrity.
Implications for Organizations
The authentication bypass vulnerability (CVE-2026-1603) is particularly concerning because it allows an attacker with no prior authentication to reach stored credential data, which can then serve as a foothold for further unauthorized access to systems and data.
The SQL injection vulnerability (CVE-2026-1602) underscores the importance of secure coding practices: an authenticated attacker can manipulate database queries and read confidential information that the application should never expose.
Recommendations
Organizations running Ivanti Endpoint Manager should prioritize updating to version 2024 SU5. Because the authentication bypass is exploitable without credentials, it is also advisable to review logs and audit the affected servers for signs of unauthorized access that may have occurred before the patch was applied. Robust monitoring and logging of the EPM servers and their database will help detect and respond to any future exploitation attempts.
Conclusion
The discovery and prompt patching of these vulnerabilities highlight the ongoing challenge of securing enterprise management software, which by design holds credentials and has broad reach into an organization's endpoints. Organizations must remain vigilant, apply security updates promptly, and follow established best practices to protect sensitive data and maintain system integrity.