CyberSecurity Malaysia

1.0 Introduction
Recently, Ivanti released critical security updates for Connect Secure, Policy Secure, Ivanti Cloud Services Application and Secure Access Client to address multiple High and Critical Severity Vulnerabilities.

2.0 Impact
These vulnerabilities, if exploited, cloud led to remote code execution, unauthorized access, and exposure of sensitive data.

3.0 Affected Products

Ivanti Connect Secure (ICS) versions 22.7R2.5 and below
Ivanti Policy Secure (IPS) versions 22.7R1.2 and below
Ivanti Secure Access Client (ISAC) versions 22.7R4 and below
Ivanti Cloud Services App (CSA) versions 5.0.4 and below

4.0 Recommendations
CyberSecurity Malaysia encourages users and administrators to review Ivanti Security Release for more information and apply the necessary updates.

Kindly refer to the following URLs for more information:

Generally, Cyber999 advises the users of these devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact Cyber999 Incident Response Centre through the following channels:

E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 08:30 -17:30 MYT
Web: https://www.mycert.org.my

5.0 References

Select User Category

Select User Category

Select User Category

Select User Category

Cyber999 Advisories

MA-1273.022025: MyCERT Advisory - Critical Vulnerabilities in Ivanti Products

Search

Type

Archives