Ivanti vulnerabilities are being exploited widely, CISA says in emergency directive

Civilian agencies across the U.S. government are being ordered to immediately patch two vulnerabilities affecting a popular tool from IT company Ivanti after the nation’s top cybersecurity watchdog warned of widespread exploitation. The Cybersecurity and Infrastructure Security Agency (CISA) sounded the alarm on Friday about CVE-2023-46805 and CVE-2024-21887 — two bugs affecting Ivanti Policy Secure

agency alarm cisa civilian cve cve-2023-46805 cve-2024-21887 cybersecurity emergency emergency directive exploitation exploited government government news industry news infrastructure infrastructure security ivanti nation patch popular security technology news tool u.s. government vulnerabilities watchdog