diff --git a/docs/advisories/20240718004-Ivanti-Releases-New-Security-Advisories.md b/docs/advisories/20240718004-Ivanti-Releases-New-Security-Advisories.md new file mode 100644 index 00000000..74359985 --- /dev/null +++ b/docs/advisories/20240718004-Ivanti-Releases-New-Security-Advisories.md @@ -0,0 +1,19 @@ +# Ivanti Releases New Security Advisories - 20240718004 + +## Overview + +Ivanti has issued its July Security Update, which includes fixes for the following solutions: Ivanti Endpoint Manager (EPM), Ivanti Endpoint Manager for Mobile (EPMM) and Ivanti Docs@Work for Android + +## What is vulnerable? + +| Product(s) Affected | Version(s) | CVE | CVSS | Severity | +| ------------------- | ---------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ------------- | ---------------------------------------------------------------- | +| Endpoint Manager (EPM) | all supported versions of EPM 2024 | [CVE-2024-37381](https://nvd.nist.gov/vuln/detail/CVE-2024-37381) | 8.4 | High | +| Endpoint Manager for Mobile (EPMM) | all supported versions of EPMM | [CVE-2024-36130](https://nvd.nist.gov/vuln/detail/CVE-2024-36130)
[CVE-2024-36131](https://nvd.nist.gov/vuln/detail/CVE-2024-36131)
[CVE-2024-36132](https://nvd.nist.gov/vuln/detail/CVE-2024-36132)
[CVE-2024-34788](https://nvd.nist.gov/vuln/detail/CVE-2024-34788)| 8.8
8.8
8.2
5.3 | High
High
High
Medium| +| Docs@Work for Android | all versions before 2.26.0 | [CVE-2024-37403](https://nvd.nist.gov/vuln/detail/CVE-2024-37403) | 5.0 | Medium | + +## Recommendation + +The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe (refer [Patch Management](../guidelines/patch-management.md)): + +- [Ivanti July Security Update](https://www.ivanti.com/blog/july-security-update)