Whack-A-Mole: The Ivanti Endpoint Manager Mobile Vulnerabilities Saga

Two zero-day vulnerabilities have been found in Ivanti’s Endpoint Manager Mobile product. These vulnerabilities were exploited in targeted cyberattacks on Norwegian government ministries and allow bypassing of admin authentication and ACL restrictions.