Full Report
Multiple vulnerabilities have been discovered in Ivanti Endpoint Manager, the most severe of which could allow for authentication bypass. Ivanti Endpoint Manager is a client-based unified endpoint management software. Successful exploitation of the most severe of these vulnerabilities could allow a remote unauthenticated attacker to leak specific stored credential data.
Analysis Summary
# Vulnerability: Multiple Flaws in Ivanti Endpoint Manager Allowing Credential Leakage and Data Access
## CVE Details
- CVE ID: CVE-2026-1603, CVE-2026-1602
- CVSS Score: Not explicitly provided for individual CVEs, but the most severe (CVE-2026-1603) allows for unauthenticated credential leakage, suggesting a high score.
- CWE: Not explicitly provided, but the described flaws imply Authentication Bypass/Improper Input Validation.
## Affected Systems
- Products: Ivanti Endpoint Manager
- Versions: 2024 SU4 SR1 and prior (fixed in 2024 SU5)
- Configurations: N/A
## Vulnerability Description
Multiple vulnerabilities exist, the most critical being an **Authentication Bypass (CVE-2026-1603)** that allows a remote, unauthenticated attacker to leak specific stored credential data. A secondary finding is an **SQL Injection (CVE-2026-1602)** which allows a remote, authenticated attacker to read arbitrary data from the database. Successful exploitation of the most severe flaw leads to the leakage of stored credentials.
## Exploitation
- Status: Currently no reports of exploitation in the wild.
- Complexity: CVE-2026-1603 (Authentication Bypass) is likely **Low** given the potential for unauthenticated access to leak data.
- Attack Vector: Network (Remote)
## Impact
- Confidentiality: **High** (Leakage of specific stored credential data via CVE-2026-1603; read arbitrary data via CVE-2026-1602).
- Integrity: Low (Primary impact is confidentiality).
- Availability: Low (No direct impact reported).
## Remediation
### Patches
- Apply Ivanti Endpoint Manager version **2024 SU5** or later.
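To check an inventory against the fixed release, the following added example (not Ivanti's code or part of the advisory) parses release labels and flags anything that sorts before 2024 SU5. It assumes labels follow the `<year> SU<n> SR<n>` shape of the two labels on this page and that releases order by year, then SU, then SR; the hostnames and inventory values are constructed.

```python
import re

# Fixed release named on this page; anything that sorts before it is treated as affected.
FIXED_RELEASE = "2024 SU5"

# Assumed label shape, taken from the labels on this page: "<year> [SU<n>] [SR<n>]".
_LABEL = re.compile(r"^\s*(\d{4})(?:\s+SU\s*(\d+))?(?:\s+SR\s*(\d+))?\s*$", re.IGNORECASE)


def parse_release(label):
    """Return (year, su, sr) for a label such as '2024 SU4 SR1', or None if it does not parse."""
    match = _LABEL.match(label or "")
    if match is None:
        return None
    year, su, sr = match.groups()
    return (int(year), int(su or 0), int(sr or 0))


def is_affected(label):
    """True if the release sorts before FIXED_RELEASE, False if not, None if unparseable."""
    release = parse_release(label)
    if release is None:
        return None
    return release < parse_release(FIXED_RELEASE)


def triage(inventory):
    """Map each host to 'patch', 'ok' or 'review' (version could not be determined)."""
    verdicts = {True: "patch", False: "ok", None: "review"}
    return {host: verdicts[is_affected(label)] for host, label in inventory.items()}


# Constructed inventory: hostnames and version strings are sample data, not from the advisory.
SAMPLE_INVENTORY = {
    "epm-core-01": "2024 SU4 SR1",
    "epm-core-02": "2024 SU5",
    "epm-core-03": "2024 SU3",
    "epm-core-04": "2024 su4",
    "epm-core-05": "unknown build",
}

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:12} {SAMPLE_INVENTORY[host]:14} {verdict}")
```

A host whose version string cannot be parsed is reported as `review` rather than `ok`, so an unknown build is never counted as patched.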
### Workarounds
- No specific workarounds are detailed beyond applying the patch; apply the update immediately, per Safeguard M1051.
## Detection
- No specific Indicators of Compromise (IOCs) are provided in the summary.
- **Detection Strategies:** Implement robust vulnerability scanning (authenticated/unauthenticated, at least quarterly) and monitor network traffic for anomalous requests targeting EPM services that bypass expected authentication mechanisms. Review system and application logs for signs of unauthorized database access or unexpected network activity originating from unauthenticated sources.
## References
- Ivanti Advisory: hxxps://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024?language=en_US
- CVE-2026-1602: hxxps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1602
- CVE-2026-1603: hxxps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1603