At Ivanti, our top priority is upholding our commitment to deliver and maintain secure products for our customers. We continue to invest significant resources to ensure that all our solutions continue to meet our own high standards and industry best practices.   To this end, we are making important security enhancements, outlined here, that better enable us to anticipate, prevent and protect against future threats. We remain committed to communicating openly with customers, consistent with our commitment to security and responsible disclosure. 

This commitment includes enhancements to our vulnerability management program to better and more quickly identify and address potential issues in collaboration with the broader security ecosystem.

As part of this effort, vulnerabilities were discovered in our Ivanti Connect Secure and Policy Secure products. We are reporting the vulnerabilities as CVE-2024-21894, CVE-2024-22052, CVE-2024-22053 and CVE-2024-22023. A patch is now available for all supported versions of Ivanti Connect Secure and Policy Secure. There is also an updated external ICT available for these updates.

It is important for customers to know:

  • We have no evidence of these vulnerabilities being exploited in the wild.
  • These vulnerabilities do not impact any other Ivanti products or solutions.

More information on these vulnerabilities and detailed instructions on how to remediate the vulnerability can be found in this Security Advisory.

Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required).

We would also like to thank n3k from TIANGONG Team of Legendsec at QI-ANXIN Group for their contributions.