At Ivanti, we are committed to delivering innovative, high-quality and secure solutions for our customers. We continue to invest significant resources to ensure that all our solutions continue to meet our own high standards. In the best interests of our customers, we are always investigating, assessing, monitoring and validating the security posture of our solutions. We collaborate with the broader security ecosystem to share intelligence and appreciate when we are made aware of issues via responsible disclosure from reputable sources.

As part of our ongoing strengthening of the security of our products we have discovered and fixed a vulnerability in the Ivanti Secure Access Client (ISAC). We are reporting this issue as CVE-2023-38041.

We encourage customers to download the latest releases of ISAC 22.6R1 (Windows) - to remediate the issues. This version is available for customers to download now (SSO login required).

More information on the CVEs and detailed instructions on how to remediate the vulnerability can be found in this Security Advisory.

We have no evidence of any customers having been impacted by any of the vulnerabilities at this time.

Our Support team is always here to help our customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required).

Ivanti would like to thank Julian Horoszkiewicz (Eviden Red Team) for his assistance and cooperation in the discovery of and responsible disclosure of this vulnerability.

Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.