Critical Vulnerabilities in Ivanti Endpoint Manager Expose Sensitive Data
Ivanti has recently addressed two significant security vulnerabilities in its Endpoint Manager (EPM) platform, which could have allowed unauthorized access to sensitive database information and user credentials. These vulnerabilities, identified as CVE-2026-1603 and CVE-2026-1602, have been patched in the latest release, version 2024 SU5.
Details of the Vulnerabilities:
1. CVE-2026-1603: This authentication bypass vulnerability carries a CVSS score of 8.6, indicating a high severity level. It enables remote, unauthenticated attackers to access specific stored credential data without requiring user interaction. The flaw is categorized under CWE-288 (Authentication Bypass Using an Alternate Path or Channel).
2. CVE-2026-1602: With a CVSS score of 6.5, this medium-severity SQL injection vulnerability allows remote, authenticated attackers to read arbitrary data from the database. While it compromises data confidentiality, it does not impact system integrity or availability.
Affected Versions and Resolution:
Organizations utilizing Ivanti Endpoint Manager versions 2024 SU4 SR1 and earlier are susceptible to these vulnerabilities. The issues have been rectified in version 2024 SU5, which is now available through the Ivanti License System (ILS).
Recommendations:
Administrators are strongly advised to upgrade to EPM 2024 SU5 promptly to mitigate potential risks. Although Ivanti has confirmed that there was no active exploitation prior to the public disclosure, the release of technical details increases the urgency for organizations to apply the patches.
Acknowledgments:
The vulnerabilities were reported through Ivanti’s responsible disclosure program by security researcher 06fe5fd2bc53027c4a3b7e395af0b850e7b8a044, in collaboration with Trend Zero Day Initiative. Ivanti has acknowledged the researcher’s contribution and emphasized its commitment to collaborating with the security community to maintain product integrity.
Conclusion:
These vulnerabilities highlight the ongoing challenges in securing enterprise software, especially in endpoint management solutions that handle privileged access and sensitive organizational data. Organizations should prioritize updating their systems and conducting security audits to ensure no unauthorized access has occurred.