Ivanti has issued fixes for a maximum-severity flaw in its Endpoint Management software, tracked as CVE-2024-29847, which could be leveraged to achieve remote code execution on the EPM core server and compromise it, BleepingComputer reports.
No active exploitation of the vulnerability, which stemmed from an untrusted data serialization issue in the agent portal, has been observed so far, according to Ivanti, which also patched nearly two dozen other critical and high-severity bugs in EPM, Cloud Service Appliance, and Workspace Control. Ivanti has also touted the implementation of more robust internal scanning, testing, and manual exploitation capabilities to accelerate vulnerability remediation efforts following the recent comprehensive exploitation of zero-days affecting its products. "This has caused a spike in discovery and disclosure, and we agree with CISA's statement that the responsible discovery and disclosure of CVEs is 'a sign of healthy code analysis and testing community,'" added Ivanti.