In this week’s Security Advisory
• Proof of Concept Released for Vulnerabilities in Ivanti Endpoint Manager
• Atlassian Patches Critical Vulnerabilities in Multiple Products
• Proof of Concept Released for Mongoose ODM Remote Code Execution
• Cisco patches Authorization Bypass Vulnerability
Proof of Concept Released for Vulnerabilities in Ivanti Endpoint Manager
Ivanti has announced that a proof of concept (PoC) is now publicly available for four vulnerabilities affecting its Endpoint Manager (EPM). The vulnerabilities covered by the PoC are CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, and CVE-2024-13159. All four were patched in January; however, a public PoC increases the likelihood of exploitation, making it more urgent to ensure Ivanti EPM is running the latest patched version.
Original Advisory:
Ivanti has published an advisory detailing vulnerabilities affecting its Avalanche, Application Control Engine, and Endpoint Manager products. Four of these are path traversal vulnerabilities in Ivanti EPM that could allow remote, unauthenticated attackers to access sensitive information. The Avalanche patch addresses three high-severity path traversal vulnerabilities that remote, unauthenticated attackers could exploit as well. The Application Control Engine received a patch for one high-severity vulnerability, which requires authentication to exploit.
Affected Versions
• A full list of the affected versions can be found in Ivanti's January security update (linked below).
Recommendations
• Apply the latest updates released by Ivanti.
More Reading / Information
• https://www.securityweek.com/ivanti-patches-critical-vulnerabilities-in-endpoint-manager-2/
• https://www.ivanti.com/blog/january-security-update
Atlassian Patches Critical Vulnerabilities in Multiple Products
Atlassian has released patches for vulnerabilities affecting its Bamboo, Bitbucket, Confluence, Crowd, and Jira products. According to the bulletin, these vulnerabilities affect only Data Center and Server (on-premises) instances, not cloud instances. The most severe affect Confluence and Crowd Data Center and Server and originate in the bundled Apache Tomcat: CVE-2024-50379 and CVE-2024-56337 (both CVSS 9.8/10) are a time-of-check/time-of-use race in Tomcat's default servlet that unauthenticated attackers could exploit to achieve remote code execution. Note that this race is only exploitable when the default servlet has write enabled (readonly set to false), which is not Tomcat's default. The remaining critical vulnerability, CVE-2024-52316 (CVSS 9.8/10), also affects Apache Tomcat; it is exploitable by unauthenticated attackers and can lead to an authentication bypass.
Affected Versions
• A full list of affected versions can be found in the Atlassian security bulletin (linked below).
Recommendations
• Upgrade all affected products to the latest versions.
More Reading / Information
• https://confluence.atlassian.com/security/security-bulletin-february-18-2025-1510670627.html
• https://www.securityweek.com/atlassian-patches-critical-vulnerabilities-in-confluence-crowd/
Proof of Concept Released for Mongoose ODM Remote Code Execution
A proof of concept has been released for two critical-severity vulnerabilities in Mongoose, the Object Data Modeling (ODM) library for MongoDB on Node.js. The first vulnerability, CVE-2024-53900 (CVSS 9.1/10), stems from the $where operator being accepted in a populate() match filter and can allow an attacker to execute code remotely on the Node.js server. It was patched in Mongoose 8.8.3; however, the second vulnerability, CVE-2025-23061 (CVSS 9.0/10), bypasses that patch by nesting $where inside another operator in the same filter, so the shallow check introduced by the first fix does not see it.
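The following is an added example, not code from the Mongoose project or from the PoC. It models the distinction behind the two CVEs: a check that inspects only the top level of a populate() match filter versus one that walks every nesting level, and then an allow-list builder that never forwards a user-controlled filter object at all, which is the general fix rather than the specific one. No database is used; the filters are constructed inputs, and the function names and the ALLOWED_MATCH_FIELDS list are assumptions for this example.

```javascript
// Added example; not code from the Mongoose project. It models the difference
// between a check that inspects only the top level of a populate() `match`
// filter and one that inspects every nesting level, then shows an allow-list
// builder that never forwards user-controlled filter objects at all.
// No database is needed; every input below is constructed for the demo, and
// the function names and ALLOWED_MATCH_FIELDS are assumptions for this example.

// Shallow check: returns true (filter allowed) unless `$where` is a top-level
// key of `match`. This is the kind of check a nested filter slips past.
function passesShallowCheck(match) {
  return !(match !== null && typeof match === 'object' &&
           Object.prototype.hasOwnProperty.call(match, '$where'));
}

// Recursive walk over objects and arrays looking for a given key at any depth,
// including inside $or / $and / $nor arrays.
function containsKey(value, key) {
  if (Array.isArray(value)) {
    return value.some((item) => containsKey(item, key));
  }
  if (value !== null && typeof value === 'object') {
    return Object.keys(value).some((k) => k === key || containsKey(value[k], key));
  }
  return false;
}

// Deep check: returns true (filter allowed) only if `$where` appears nowhere
// in the filter tree.
function passesDeepCheck(match) {
  return !containsKey(match, '$where');
}

// Hardened builder: the request is never used as a filter directly. Only
// allow-listed field names with primitive values are copied into a fresh
// object, so operator keys ($where, $or, $regex, ...) cannot get in at all.
const ALLOWED_MATCH_FIELDS = ['status', 'author']; // assumed schema fields

function buildPopulateMatch(userInput) {
  const match = {};
  if (userInput === null || typeof userInput !== 'object') return match;
  for (const field of ALLOWED_MATCH_FIELDS) {
    if (!Object.prototype.hasOwnProperty.call(userInput, field)) continue;
    const v = userInput[field];
    if (['string', 'number', 'boolean'].includes(typeof v)) {
      match[field] = v;
    }
  }
  return match;
}

// Constructed inputs: what an attacker might send as a JSON `match` parameter.
const topLevelWhere = { $where: 'sleep(5000) || true' };
const nestedWhere = { $or: [{ $where: 'sleep(5000) || true' }] };
const deeplyNestedWhere = {
  $and: [{ status: 'published' }, { $or: [{ $nor: [{ $where: 'true' }] }] }],
};
const benign = { status: 'published', author: 'alice' };

// Summarise how each check treats each input. Returned as an object so the
// outcome can be inspected programmatically rather than only printed.
function evaluateChecks() {
  const inputs = { topLevelWhere, nestedWhere, deeplyNestedWhere, benign };
  const results = {};
  for (const [name, filter] of Object.entries(inputs)) {
    results[name] = {
      shallow: passesShallowCheck(filter),   // true = filter allowed
      deep: passesDeepCheck(filter),         // true = filter allowed
      sanitized: buildPopulateMatch(filter), // what actually reaches populate()
    };
  }
  return results;
}

console.log(JSON.stringify(evaluateChecks(), null, 2));
```

Running the block shows the nested filter passing the shallow check but failing the deep one, which is the shape of the bypass. The allow-list builder sidesteps the question entirely: instead of trying to enumerate dangerous operators, it copies only known field names with primitive values, so a future operator cannot slip through either.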
Affected Versions
• All versions prior to 8.9.5 (the original fix for CVE-2024-53900 in 8.8.3 is bypassed by CVE-2025-23061).
Recommendations
• Upgrade to Mongoose 8.9.5 or later.
More Reading / Information
• https://www.securityweek.com/vulnerabilities-in-mongodb-library-allow-rce-on-node-js-servers/
• https://www.npmjs.com/package/mongoose?activeTab=versions
Cisco patches Authorization Bypass Vulnerability
Cisco has patched multiple vulnerabilities this week. One of them, CVE-2025-20153 (CVSS 5.8/10), affects Cisco Secure Email Gateway and could allow an unauthenticated remote attacker to bypass the gateway's mail policy rules and deliver malicious email into the environment. It could be exploited by sending a specially crafted email through the gateway.
Affected Versions
• A full list of affected versions can be found in the Cisco security advisory (linked below).
Recommendations
• Upgrade the affected software to the latest versions.
More Reading / Information
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-mailpol-bypass-5nVcJZMw
• https://sec.cloudapps.cisco.com/security/center/publicationListing.x
Recommendations
Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to vendor-supported versions only, which dramatically increases the likelihood that a patch is issued for newly discovered vulnerabilities. Likewise, CyberMaxx strongly encourages maintaining an inventory of the software currently deployed in your environment, which helps ensure and inform your patch and vulnerability management program.