info@thehackernews.com (The Hacker News)
2025-01-16 01:39:00
thehackernews.com
Ivanti has rolled out security updates to address several security flaws impacting Avalanche, Application Control Engine, and Endpoint Manager (EPM), including four critical bugs that could lead to information disclosure.
All the four critical security flaws, rated 9.8 out of 10.0 on the CVSS scale, are rooted in EPM, and concern absolute path traversal flaws that allow a remote unauthenticated attacker to leak sensitive information. The flaws are listed below –
- CVE-2024-10811
- CVE-2024-13161
- CVE-2024-13160, and
- CVE-2024-13159
The shortcomings affect EPM versions 2024 November security update and prior, and 2022 SU6 November security update and prior. They have been addressed in EPM 2024 January-2025 Security Update and EPM 2022 SU6 January-2025 Security Update.
Horizon3.ai security researcher Zach Hanley has been credited with discovering and reporting all vulnerabilities in question.
Also patched by Ivanti are multiple high-severity bugs in Avalanche versions prior to 6.4.7 and Application Control Engine before version 10.14.4.0 that could permit an attacker to bypass authentication, leak sensitive information, and get around the application blocking functionality.
The company said it has no evidence that any of the flaws are being exploited in the wild, and that it has intensified its internal scanning and testing procedures to promptly flag and address security issues.
The development comes as SAP released fixes to resolve two critical vulnerabilities in its NetWeaver ABAP Server and ABAP Platform (CVE-2025-0070 and CVE-2025-0066, CVSS scores: 9.9) that allows an authenticated attacker to exploit improper authentication checks in order to escalate privileges and access restricted information due to weak access controls.
“SAP strongly recommends that the customer visits the Support Portal and applies patches on priority to protect their SAP landscape,” the company said in its January 2025 bulletin.
Upgrade your audio game with the Logitech for Creators Blue Yeti USB Microphone. With over 33,730 ratings and an impressive 4.6 out of 5 stars, it’s no wonder this is an Amazon’s Choice product. Recently, 5K+ units were purchased in the past month.
Available in five stunning colors: Teal, Silver, Pink Dawn, Midnight Blue, and Blackout, this microphone is perfect for creators looking to produce exceptional audio. Priced at only $84.99, it’s a deal you can’t afford to miss.
Elevate your recordings with clear broadcast-quality sound and explore your creativity with enhanced effects, advanced modulation, and HD audio samples. Order now for just $84.99 on Amazon!
Support Techcratic
If you find value in Techcratic’s insights and articles, consider supporting us with Bitcoin. Your support helps me, as a solo operator, continue delivering high-quality content while managing all the technical aspects, from server maintenance to blog writing, future updates, and improvements. Support Innovation! Thank you.
Bitcoin Address:
bc1qlszw7elx2qahjwvaryh0tkgg8y68enw30gpvge
Please verify this address before sending funds.
Bitcoin QR Code
Simply scan the QR code below to support Techcratic.
Please read the Privacy and Security Disclaimer on how Techcratic handles your support.
Disclaimer: As an Amazon Associate, Techcratic may earn from qualifying purchases.