1
Open CVEs
0
Exploited
0
KEV
1
Unpatched
0
No Workaround
1
Internet-facing
Why this provider is risky now
This provider has 1 open CVE(s) in the last 14 days. 1 have no vendor patch. 1 affect internet-facing services.
1 Unpatched
1 Internet-facing
Top Risky CVEs
Remote code execution in Ivanti Secure Access Client versions prior to 22.8R6 allows unauthenticated attackers to run arbitrary code on endpoints by exploiting improper TLS certificate validation, contingent on user interaction (UI:R). No public exploit identified at time of analysis, but the CVSS 8.8 rating and Ivanti's own advisory disclosure mark this as a high-priority client-side risk for organizations using the VPN client.
24 hours: Inventory Ivanti Secure Access Client deployments across all endpoints and document installed versions; brief executive and operational teams on risk; implement endpoint-level monitoring and alerting. 7 days: Contact Ivanti for 22.8R6 release timeline; begin EDR deployment or enhancement on affected systems; restrict VPN usage to essential business functions where operationally feasible. 30 days: Obtain and validate Ivanti Secure Access Client 22.8R6 or later; develop staged deployment plan; begin rollout to endpoints with comprehensive post-patch verification.
Edge exposure
ICT dependency
No patch available
Why flagged?
DORA Relevant
- • HIGH severity
- • ICT provider: Ivanti (Network & Security)
- • No remediation available
8.8
CVSS
0.1%
EPSS
44
Priority
By Exposure
Internet-facing
1
Mgmt / Admin Plane
0
Identity / Auth
0
Internal only
0
By Exploitability
Known exploited
0
Public PoC
0
High EPSS (>30%)
0
Remote unauthenticated
1
Local only
0
By Remediation
Patch available
0
No patch
1
Workaround available
1
No workaround
0