At Ivanti, we are committed to delivering innovative, high quality and secure solutions for our customers. We collaborate with the broader security ecosystem to share intelligence and appreciate when we are made aware of issues via responsible disclosure from reputable sources.

It is via a responsible disclosure that we recently learned of a new vulnerability impacting Ivanti Endpoint Manager versions 2022 and below. We are reporting the vulnerability as CVE-2023-28323. We have no evidence of any customers having been impacted by this new vulnerability.

There is a patch available now for impacted versions. More information and detailed instructions on how to remediate the vulnerability can be found in this Knowledge Base article. All future Service Updates (SU) will have the fix already applied, starting with version 2022 SU4.

Our Support team is always here to help our customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required).