Skip to content Skip to footer

Ivanti Discloses Critical Flaw in Standalone Sentry – Urges Immediate Fixes

, a software company that provides IT management solutions, recently announced that it has discovered a severe vulnerability called Standalone Sentry. This vulnerability could allow threat actors to execute arbitrary commands on the appliance's underlying operating system within the same physical or logical network. This critical flaw has been assigned a Common Vulnerability Scoring System (CVSS) score of 9.6, which indicates that it is highly vital and requires immediate attention.

The vulnerability impacts all supported versions of Standalone Sentry, including 9.17.0, 9.18.0, and 9.19.0, as well as older versions. The company has recommended that its customers apply the necessary patches as soon as possible to protect themselves against . has made a patch available for download via its standard download portal.

has credited the NATO Centre for its collaboration on this issue but has emphasized that it is unaware of any customers affected by the vulnerability. The company has also stated that “threat actors without a valid TLS client certificate enrolled through EPMM cannot directly this issue on the internet.”

In related news, SonarSource, a company that provides code quality and security tools, has reported a mutation cross-site scripting (XSS) flaw in an email client called Mailspring or Nylas Mail. This flaw, assigned a -2023-47479 identifier, could allow attackers to bypass and Content Security Policy (CSP) protections and achieve code execution when a user replies to or forwards a malicious email.

According to security researcher Yaniv Nizry, the flaw takes advantage of the fact that the payload seems innocent initially when parsed but mutates to a malicious one when re-parsed in the final stage of displaying the content. Therefore, users should update their email clients and exercise caution when opening emails from unknown or suspicious sources.

Leave a comment

Newsletter Signup
Address

The Grid —
The Matrix Has Me
Big Bear Lake, CA 92315

01010011 01111001 01110011 01110100 01100101 01101101 00100000
01000110 01100001 01101001 01101100 01110101 01110010 01100101

I knew you'd escape. They haven't built a circuit that could hold you!Yori

Deitasoft © 2024. All Rights Reserved.