At Ivanti, our top priority is upholding our commitment to deliver and maintain secure products for our customers. Our team has been rigorously assessing our products and collaborating with the broader security ecosystem to share intelligence. We remain committed to communicating findings openly with customers, consistent with our commitment to security and responsible disclosure. 

As part of our responsible disclosure program, vulnerabilities have been discovered and fixed in version 6.4.3 in the Ivanti Avalanche on-premise product. These vulnerabilities impact all supported versions of the products – Avalanche versions 6.3.1 and above. Older versions/releases are also at risk.  

It is important for customers to know: 

  • We have no evidence of these vulnerabilities being exploited in the wild. 
  • These vulnerabilities do not impact any other Ivanti products or solutions. 

More information on these vulnerabilities and detailed instructions on how to remediate these vulnerabilities can be found at the links in the Security Alert and release notes. 

Our Support team is always available to help customers. Cases can be logged via the Success portal (login credentials required). 

We would also like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative and Tenable Research for their contributions.

Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.