Ivanti has released security updates to fix critical vulnerabilities in Endpoint Manager (EPM), Avalanche, and Application Control Engine, including four EPM flaws (CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, CVE-2024-13159) rated 9.8 on the CVSS scale, which could allow unauthenticated attackers to leak sensitive information. These issues affect versions prior to the January 2025 updates. Additionally, high-severity bugs in Avalanche and Application Control Engine were patched to prevent authentication bypass and data leakage. Meanwhile, SAP addressed two critical NetWeaver ABAP vulnerabilities (CVE-2025-0070, CVE-2025-0066, CVSS 9.9), urging users to apply patches promptly. Neither company has evidence of exploitation but has enhanced security measures.

‍