
Ivanti

Network & Security

Open CVEs: 16
Exploited: 1
KEV: 1
Unpatched: 16
No Workaround: 4
Internet-facing: 7

Why this provider is risky now

This provider has 16 open CVEs in the last 90 days: 1 is listed in CISA KEV (known exploited), 16 have no vendor patch, 7 affect internet-facing services, and 4 impact the management/identity plane.

1 KEV, 1 Exploited, 16 Unpatched, 4 Mgmt / Admin Plane, 1 Public PoC, 4 No Workaround, 7 Internet-facing

Top Risky CVEs

CVE-2026-6973
Act Now
Unpatched
Remote code execution in Ivanti Endpoint Manager Mobile (EPMM) allows authenticated administrators to execute arbitrary code on the server. The flaw stems from improper input validation and affects EPMM versions prior to 12.6.1.1, 12.7.0.1, and 12.8.0.1. Although exploitation requires high-privilege administrator credentials (CVSS PR:H), an authenticated attacker can achieve complete system compromise, with high impact to confidentiality, integrity, and availability. No public exploit or active exploitation confirmed at time of analysis.
Within 24 hours: Inventory all EPMM deployments and document current versions; audit EPMM administrator accounts and restrict their access according to the principle of least privilege. Within 7 days: Upgrade all EPMM instances to versions 12.6.1.1, 12.7.0.1, or 12.8.0.1 or later; verify patch application across all servers. Within 30 days: Conduct credential audit of all EPMM administrator accounts; implement multi-factor authentication for administrative access if not already deployed; perform integrity verification of EPMM servers for unauthorized changes.
Edge exposure, ICT dependency, Active exploitation, No patch available, KEV, PoC
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing (CWE-20: Improper Input Validation)
  • Third-party ICT: Ivanti
  • Exploited in the wild (CISA KEV)
  • No patch available
  • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
  • HIGH severity
  • ICT provider: Ivanti (Network & Security)
  • Known exploited vulnerability (KEV)
  • No remediation available
CVSS: 7.2 | EPSS: 5.0% | Priority: 131
CVE-2026-5787
Act Now
Unpatched
Certificate validation bypass in Ivanti Endpoint Manager Mobile (EPMM) allows remote unauthenticated attackers to impersonate registered Sentry hosts and fraudulently obtain CA-signed client certificates. Affects all versions before 12.6.1.1, 12.7.0.1, and 12.8.0.1. High-severity network attack (CVSS 8.9) with changed scope indicating potential pivot to additional systems. No active exploitation confirmed in CISA KEV at time of analysis, but Ivanti products are frequent targets requiring immediate patching priority.
Within 24 hours: Inventory all EPMM deployments and document current versions; disable external access to EPMM management interfaces where possible and restrict network access via firewall rules to administrative networks only. Within 7 days: Contact Ivanti support to confirm patch availability and timeline for your specific EPMM version (12.6.x, 12.7.x, or 12.8.x); apply security updates for versions 12.6.1.1, 12.7.0.1, or 12.8.0.1 if released. Within 30 days: Complete upgrade to patched EPMM version across all environments; audit certificate issuance logs for anomalous certificate requests; re-validate Sentry host registrations and revoke any certificates issued during exposure window.
ICT dependency, No patch available
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Third-party ICT: Ivanti
  • No patch available
  • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
  • HIGH severity
  • ICT provider: Ivanti (Network & Security)
  • No remediation available
CVSS: 8.9 | EPSS: 0.0% | Priority: 65
CVE-2026-5786
Act Now
Unpatched
Privilege escalation in Ivanti Endpoint Manager Mobile (EPMM) allows remote authenticated attackers with low-level credentials to gain full administrative access. Affected versions prior to 12.6.1.1, 12.7.0.1, and 12.8.0.1 contain an improper access control flaw (CWE-284) that enables credential-holding users to bypass authorization checks and assume administrative privileges. With CVSS 8.8 (High) and network-exploitable attack vector requiring only low privileges, this represents a significant risk for enterprise mobile device management environments, though EPSS data and active exploitation status are not available at time of analysis.
Within 24 hours: Inventory all Ivanti EPMM deployments and document current versions in use; restrict EPMM administrative console access to only essential administrators pending patch deployment. Within 7 days: Upgrade to EPMM version 12.6.1.1, 12.7.0.1, or 12.8.0.1 or later per vendor guidance; prioritize production environments first. Within 30 days: Complete upgrade of all remaining EPMM instances; audit administrative access logs for unauthorized privilege escalation attempts since deployment date.
Edge exposure, ICT dependency, No patch available, Management plane
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing technique: authentication-bypass
  • Third-party ICT: Ivanti
  • No patch available
  • Management plane (Improper Access Control)
  • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
  • HIGH severity
  • ICT provider: Ivanti (Network & Security)
  • No remediation available
  • Authentication / access control weakness
CVSS: 8.8 | EPSS: 0.4% | Priority: 64
CVE-2026-7821
Act Now
Unpatched
Improper certificate validation in Ivanti Endpoint Manager Mobile (EPMM) enables remote unauthenticated attackers to enroll restricted devices without authorization, exposing appliance configuration details and compromising enrolled device identity integrity. Affects EPMM versions prior to 12.6.1.1, 12.7.0.1, and 12.8.0.1. CVSS 7.4 with high attack complexity suggests exploitation requires specific timing or conditions. No confirmed active exploitation (not in CISA KEV) and no public exploit code identified at time of analysis, though Ivanti products have been frequent targets of nation-state actors in recent years.
Within 24 hours: Inventory all EPMM deployments and confirm installed versions against affected ranges (pre-12.6.1.1, pre-12.7.0.1, pre-12.8.0.1); isolate any critical EPMM instances if patch verification is incomplete. Within 7 days: Apply vendor patch to upgrade EPMM to version 12.6.1.1, 12.7.0.1, or 12.8.0.1 or later; validate patch deployment across all instances. Within 30 days: Audit enrollment logs for unauthorized device onboarding during vulnerability window; revoke and re-enroll any suspicious devices; review appliance configuration exports for unauthorized access.
ICT dependency, No patch available
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Third-party ICT: Ivanti
  • No patch available
  • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
  • HIGH severity
  • ICT provider: Ivanti (Network & Security)
  • No remediation available
CVSS: 7.4 | EPSS: 0.0% | Priority: 57
CVE-2026-5788
Act Now
Unpatched
Remote unauthenticated attackers can invoke arbitrary methods in Ivanti Endpoint Manager Mobile (EPMM) via improper access control flaws, enabling authentication bypass and potential system compromise. Affects versions prior to 12.6.1.1, 12.7.0.1, and 12.8.0.1. The CVSS vector indicates network-accessible exploitation with high attack complexity, resulting in high integrity impact and limited confidentiality/availability impact. No active exploitation confirmed via CISA KEV at time of analysis, though the authentication bypass tag and Ivanti's history of targeted attacks warrant elevated monitoring.
Within 24 hours: Inventory all Ivanti EPMM deployments and document current versions; restrict network access to EPMM infrastructure to trusted networks only via firewall/WAF rules. Within 7 days: Upgrade affected instances to patched versions (12.6.1.1, 12.7.0.1, or 12.8.0.1 depending on current branch); validate upgrades in staging environment first. Within 30 days: Conduct forensic review of EPMM access logs for unauthorized method invocations; implement enhanced monitoring for anomalous EPMM API activity; document any unpatched systems with explicit risk acceptance.
Edge exposure, ICT dependency, No patch available, Management plane
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing technique: authentication-bypass
  • Third-party ICT: Ivanti
  • No patch available
  • Management plane (Improper Access Control)
  • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
  • HIGH severity
  • ICT provider: Ivanti (Network & Security)
  • No remediation available
  • Authentication / access control weakness
CVSS: 7.0 | EPSS: 0.2% | Priority: 55
CVE-2026-8043
Act Now
Unpatched
Path traversal in Ivanti Xtraction enables remote authenticated attackers with low-level privileges to read sensitive system files and inject arbitrary HTML into web-accessible directories, creating risks of credential theft, configuration exposure, and client-side attacks against other users. CVSS 9.6 severity driven by scope change (S:C) indicates the attacker can impact resources beyond the vulnerable component. No public exploit or CISA KEV listing identified, but vendor advisory confirms the vulnerability affects all versions prior to 2026.2.
Within 24 hours: Identify and inventory all Ivanti Xtraction deployments and their current versions; disable or restrict network access to affected instances. Within 7 days: Contact Ivanti for patch availability timeline and interim guidance; implement network segmentation to limit authentication access to Xtraction. Within 30 days: Apply vendor-released patch to version 2026.2 or later upon availability; audit access logs for suspicious authenticated activity and file access patterns.
ICT dependency, No patch available
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Third-party ICT: Ivanti
  • No patch available
  • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
  • CRITICAL severity
  • ICT provider: Ivanti (Network & Security)
  • No remediation available
CVSS: 9.6 | EPSS: 0.1% | Priority: 48
CVE-2026-8111
This Week
Unpatched
SQL injection in Ivanti Endpoint Manager web console enables authenticated remote attackers to execute arbitrary code on the server. Affects all versions prior to 2024 SU6. Attack requires only low-privilege authenticated access (CVSS PR:L) with low complexity (AC:L), making exploitation straightforward for any authenticated user. Ivanti has released patched version 2024 SU6 per vendor advisory dated May 2026. No CISA KEV listing or public exploit code identified at time of analysis, indicating exploitation not yet confirmed in the wild despite high severity score.
Within 24 hours: Identify all Ivanti Endpoint Manager deployments and document current versions across the environment. Within 7 days: Upgrade all instances to Ivanti Endpoint Manager 2024 SU6 or later per vendor advisory dated May 2026; prioritize production systems first. Within 30 days: Complete inventory validation and conduct access reviews for web console accounts to identify and revoke unnecessary authenticated sessions.
Edge exposure, ICT dependency, No patch available
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing (CWE-89: SQL Injection)
  • Third-party ICT: Ivanti
  • No patch available
  • Moderate evidence (PoC / elevated EPSS)
DORA Relevant
  • HIGH severity
  • ICT provider: Ivanti (Network & Security)
  • No remediation available
CVSS: 8.8 | EPSS: 0.3% | Priority: 44
CVE-2026-8992
This Week
Unpatched
Remote code execution in Ivanti Secure Access Client versions prior to 22.8R6 allows unauthenticated attackers to run arbitrary code on endpoints by exploiting improper TLS certificate validation, contingent on user interaction (UI:R). No public exploit identified at time of analysis, but the CVSS 8.8 rating and Ivanti's own advisory disclosure mark this as a high-priority client-side risk for organizations using the VPN client.
Within 24 hours: Inventory Ivanti Secure Access Client deployments across all endpoints and document installed versions; brief executive and operational teams on risk; implement endpoint-level monitoring and alerting. Within 7 days: Contact Ivanti for 22.8R6 release timeline; begin EDR deployment or enhancement on affected systems; restrict VPN usage to essential business functions where operationally feasible. Within 30 days: Obtain and validate Ivanti Secure Access Client 22.8R6 or later; develop staged deployment plan; begin rollout to endpoints with comprehensive post-patch verification.
Edge exposure, ICT dependency, No patch available
Why flagged?
DORA Relevant
  • HIGH severity
  • ICT provider: Ivanti (Network & Security)
  • No remediation available
CVSS: 8.8 | EPSS: 0.1% | Priority: 44
CVE-2026-3483
This Week
Unpatched
Privilege escalation in Ivanti DSM versions before 2026.1.1 stems from an exposed dangerous method that allows authenticated local users to gain elevated system privileges. An attacker with local access could exploit this vulnerability to obtain high-level permissions, compromising system integrity and confidentiality. No patch is currently available for this issue.
Within 24 hours: Inventory all Ivanti DSM deployments and identify systems running versions prior to 2026.1.1; restrict local access to DSM systems to trusted administrative personnel only. Within 7 days: Implement network segmentation to isolate DSM systems; enable enhanced logging and monitoring for privilege escalation attempts; review and revoke unnecessary local user accounts. Within 30 days: Monitor Ivanti security advisories for patch release; conduct penetration testing of DSM systems post-remediation; plan and execute upgrade to version 2026.1.1 or later once available.
ICT dependency, No patch available
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Third-party ICT: Ivanti
  • No patch available
  • Moderate evidence (PoC / elevated EPSS)
DORA Relevant
  • HIGH severity
  • ICT provider: Ivanti (Network & Security)
  • No remediation available
CVSS: 7.8 | EPSS: 0.0% | Priority: 39
CVE-2026-7432
This Week
Unpatched
Race condition in Ivanti Secure Access Client enables local privilege escalation to SYSTEM from low-privileged accounts. Affects versions before 22.8R6. An authenticated local user can exploit timing vulnerabilities in the client software to gain complete system control. While limited to local attack vector (requires existing access to the target system), the low attack complexity (AC:L) and lack of user interaction requirement (UI:N) make this exploitable once local access is achieved. No public exploit code identified at time of analysis, and EPSS risk scoring not yet available for this 2026 CVE.
Within 24 hours: Inventory all systems running Ivanti Secure Access Client and document current versions via endpoint management tools; notify affected user populations that local account compromise poses elevated risk. Within 7 days: Restrict local administrative access and enforce application whitelisting where feasible; deploy endpoint detection and response (EDR) rules to flag suspicious privilege escalation attempts on Ivanti processes; evaluate isolation or network segmentation of high-value systems. Within 30 days: Upgrade to Ivanti Secure Access Client 22.8R6 or later when available; apply the principle of least privilege across user accounts to minimize local exploitation surface; conduct threat hunting for signs of past exploitation.
ICT dependency, No patch available
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Third-party ICT: Ivanti
  • No patch available
  • Moderate evidence (PoC / elevated EPSS)
DORA Relevant
  • HIGH severity
  • ICT provider: Ivanti (Network & Security)
  • No remediation available
CVSS: 7.8 | EPSS: 0.0% | Priority: 39

By Exposure

Internet-facing: 7
Mgmt / Admin Plane: 4
Identity / Auth: 0
Internal only: 7

By Exploitability

Known exploited: 1
Public PoC: 1
High EPSS (>30%): 0
Remote unauthenticated: 4
Local only: 4

By Remediation

Patch available: 0
No patch: 16
Workaround available: 12
No workaround: 4

Affected Services / Product Families

Ivanti
16 CVE(s)
CVE-2026-3483 HIGH Unpatched
CVE-2026-4913 MEDIUM Unpatched
CVE-2026-4914 MEDIUM Unpatched
CVE-2026-5786 HIGH Unpatched
CVE-2026-5787 HIGH Unpatched
CVE-2026-5788 HIGH Unpatched
CVE-2026-6973 HIGH KEV PoC Unpatched
CVE-2026-7821 HIGH Unpatched
CVE-2026-7431 MEDIUM Unpatched
CVE-2026-7432 HIGH Unpatched
+ 6 more

Recommended Actions
