Ivanti releases standard security patches on the second Tuesday of every month. In today’s rapidly evolving technology and threat landscape, we believe responsible transparency should be a cornerstone of any product security programme. AI is compressing the time-to-exploit, and Ivanti uses leading technologies to proactively find and fix issues, including integrating advanced LLMs into our Engineering and product security to enhance the capabilities of our teams.
Our philosophy is simple: discovering and communicating vulnerabilities, and sharing that information with defenders, is not an indication of weakness; rather it is evidence of rigorous scrutiny and a proactive vulnerability management programme. By aggressively seeking to identify and address vulnerabilities, our aim is to get ahead of threat actors to ensure our customers can take the steps needed to protect their environments.
To that end, today Ivanti is disclosing vulnerabilities in Ivanti Secure Access Client, Xtraction, Virtual Traffic Manager and Endpoint Manager (EPM).
It is important for customers to know:
- We have no evidence of these vulnerabilities being exploited in the wild.
- These vulnerabilities do not impact any other Ivanti solutions.
More information on these vulnerabilities and detailed instructions on how to remediate the issues can be found in the Security Advisories:
- Ivanti Secure Access Client
- Ivanti Xtraction
- Ivanti Virtual Traffic Manager
- Ivanti Endpoint Manager (EPM)
How AI will affect vulnerability announcements in our products
Ivanti continues to explore, test, and implement leading technologies and processes in every stage of our product development. In recent months, our security team began a project to integrate multiple advanced LLMs into our product security processes.
This project has increased the capabilities of our Engineering and Product Security Red Teams to identify and fix vulnerabilities, especially those that are difficult to identify with traditional tooling, such as SAST and DAST. We have already successfully identified vulnerabilities which traditional tools missed, including some of those disclosed today.
As these tools are integrated further into our processes and refined, we expect an increase in vulnerability disclosures. We will continue to share transparently what we have found and resolved to ensure the security of our products. If you are not already following our Security Blog or subscribed to receive alerts for updates on the products you own through the Ivanti Innovators Hub, we highly recommend you do so.
Importantly, we are committed to using AI responsibly in product security, including keeping a human in the loop to verify automated or agentic work. While this will result in an uptick in disclosures, we see this as a good thing, and an important part of ensuring our products keep pace with modern security requirements as they change.
Our top priority is the security of our customers, and we believe the increase in identified, resolved, and transparently communicated vulnerabilities demonstrates that commitment.
Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Ivanti Innovators Hub (login credentials required).
Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader or the RSS functionality in your email programme.