At Ivanti, responsible transparency is a cornerstone of our commitment to customer security and trust. We have a long-standing commitment to provide information that allows our customers and the broader security ecosystem to take proactive measures to safeguard their environments, while mitigating the risks of a rapidly evolving and highly sophisticated threat landscape.

To this end, we are issuing an important security update addressing vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM). More information can be found in the Security Advisory. At the time of disclosure, we are aware of a very limited number of customers whose solution has been exploited.

The issue affects only the on-prem EPMM product. It is not present in Ivanti Neurons for MDM, Ivanti’s cloud-based unified endpoint management solution, Ivanti EPM (a similarly named, but different product), Ivanti Sentry, or any other Ivanti products.

We urge all customers using the on-prem EPMM product to promptly install the Security Update.

As we respond to this situation, we are making the following information available to defenders now:

  • Our Security Advisory, which describes the nature of the vulnerabilities and detailed remediation instructions for customers.
  • A Technical Analysis that includes affected endpoint specifics and log analysis guidance to support investigation and forensics.

We have a longstanding commitment to responsibly share information through Ivanti channels, as well as through coordination with government agencies and trusted security partners, to help defenders assess risk, prioritize remediation, and deploy defenses effectively. In this case, we determined that early proactive release of technical details concurrent with the patch aligns with responsible disclosure and arms defenders to best mitigate potential exploitation.

Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required).

Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.