Tag
#ivanti
5 posts tagged #ivanti.
-
Analysis · Jun 18, 2026 · Colten Anderson
Patching Ivanti Sentry Closes the Door. It Doesn't Evict the Guest.
Shadowserver found backdoored Ivanti Sentry instances within 48 hours of the PoC and said the rest are most likely compromised. The patch is step one, not the answer.
-
Analysis · May 20, 2026 · Colten Anderson
Ivanti Endpoint Manager: the management server that can be coerced into handing over credentials
CVE-2024-13159, 13160, and 13161 are path-traversal/credential-coercion flaws in Ivanti Endpoint Manager that let an attacker make the EPM server authenticate to them and then relay that authentication. It's another Ivanti product, and another privileged management server worth defending as tier-zero.
-
Analysis · May 20, 2026 · Colten Anderson
When a vulnerability is shaped exactly like a backdoor
CVE-2021-44529 triggers when you send Ivanti's appliance a cookie that says 'ab' followed by base64 the server decodes and runs. That's not what an accidental bug looks like. Whether it was planted or just terrible code, the lesson about dependency provenance is the same.
-
Analysis · May 8, 2026 · Colten Anderson
Ivanti Connect Secure: the perimeter that keeps breaking
Five KEV-listed Ivanti Connect Secure bugs in fifteen months, all ransomware-tagged, all on the unauthenticated path. The pledge bought goodwill. The code did not change.
-
Analysis · May 8, 2026 · Colten Anderson
Ivanti EPMM has produced a confirmed zero-day every year since 2023. Here's the full chain.
Twelve CVEs. Four exploitation waves. Three years. One product line. A complete accounting of Ivanti EPMM's zero-day history, from the Norwegian government breach to this week's credential chain.