all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Exploited Ivanti Connect SSRF vulnerability traced back to 'xmltooling' OSS library

Add to bookmarks
Feb. 5, 2024, 12:42 p.m. | Ax Sharma

Sonatype Blog blog.sonatype.com




Over the past few weeks, vulnerabilities in proprietary Ivanti products, in particular Ivanti Connect Secure, Policy Secure, and ZTA gateways, have been making headlines for their active exploitation in the wild.

back connect devzone exploitation exploited featured gateways ivanti ivanti connect secure library making nexus lifecycle oss policy products ssrf vulnerabilities vulnerability zta

Visit resource

More from blog.sonatype.com / Sonatype Blog

Sonatype Lifecycle best practices: Getting started and managing SBOMs 2 days, 18 hours ago | blog.sonatype.com
applications best practices critical dependencies +13
DevOps pioneers navigate organizational transformation 1 week, 2 days ago | blog.sonatype.com
depth devops devops transformation download +13
Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens' 1 week, 4 days ago | blog.sonatype.com
cases dependency dependency confusion flood +19
The essential duo of SCA and SBOM management 2 weeks, 1 day ago | blog.sonatype.com
application application security attacks duo +16
Automating and maintaining SBOMs 3 weeks, 1 day ago | blog.sonatype.com
artifact automation bill components +11
CVE-2024-3094 The targeted backdoor supply chain attack against XZ and libzma 3 weeks, 5 days ago | blog.sonatype.com
attack attacks backdoor bank +26
CVE-2024-3094 The targeted backdoor supply chain attack against XZ and liblzma 3 weeks, 5 days ago | blog.sonatype.com
attack attacks backdoor bank +26
SBOM, VDR, and Maven: Transforming the Apache Logging experience to a common pattern 4 weeks, 1 day ago | blog.sonatype.com
apache cyclonedx devzone experience +14
Cyber readiness and SBOMs 1 month ago | blog.sonatype.com
academic academic research advanced bills +22

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Associate Principal Security Engineer

@ Activision Blizzard | Work from Home - CA
View on infosec-jobs.com

Security Engineer- Systems Integration

@ Meta | Bellevue, WA | Menlo Park, CA | New York City
View on infosec-jobs.com

Lead Security Engineer (Digital Forensic and IR Analyst)

@ Blue Yonder | Hyderabad
View on infosec-jobs.com

Senior Principal IAM Engineering Program Manager Cybersecurity

@ Providence | Redmond, WA, United States
View on infosec-jobs.com

Information Security Analyst II or III

@ Entergy | The Woodlands, Texas, United States
View on infosec-jobs.com
View more jobs