Introduction

The Cybersecurity and Infrastructure Security Agency (CISA) has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, posing significant risks to the federal enterprise. These vulnerabilities, which include flaws in Omnissa Workspace, SolarWinds Web Help Desk, and Ivanti Endpoint Manager, should be prioritized for remediation to protect against active threats. According to CISA, organizations should stay informed about the latest vulnerabilities and take proactive measures to protect against active threats. The KEV Catalog is a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise, and its updates are crucial for organizations to maintain the security of their systems.

The addition of these vulnerabilities to the KEV Catalog highlights the importance of regular vulnerability management and patching practices. Organizations should ensure that their systems are up-to-date with the latest security patches and that they have implemented robust security controls to prevent exploitation of these vulnerabilities. Furthermore, the fact that these vulnerabilities are being actively exploited by malicious cyber actors emphasizes the need for organizations to be proactive in their security efforts.

Vulnerability Management and Patching

The added vulnerabilities include a Server-Side Request Forgery (SSRF) in Omnissa Workspace, a Deserialization of Untrusted Data Vulnerability in SolarWinds Web Help Desk, and an Authentication Bypass Vulnerability in Ivanti Endpoint Manager. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Specifically, the vulnerabilities are:

CVE-2021-22054: Omnissa Workspace ONE Server-Side Request Forgery
CVE-2025-26399: SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
CVE-2026-1603: Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability As CISA advises, these vulnerabilities should be prioritized for remediation to reduce the risk of cyberattacks. The Binding Operational Directive (BOD) 22-01 established the KEV Catalog as a key component of vulnerability management practices, requiring Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats.

The Server-Side Request Forgery (SSRF) vulnerability in Omnissa Workspace allows an attacker to trick the server into making unintended requests, potentially leading to unauthorized access to sensitive data. This vulnerability can be exploited by sending a crafted request to the server, which can then be used to access internal resources or make requests to other services. To mitigate this vulnerability, organizations should ensure that their Omnissa Workspace servers are updated with the latest security patches and that they have implemented robust security controls, such as input validation and sanitization, to prevent SSRF attacks.

The Deserialization of Untrusted Data Vulnerability in SolarWinds Web Help Desk allows an attacker to execute arbitrary code on the server by sending a crafted request with malicious data. This vulnerability can be exploited by sending a request with serialized data that, when deserialized, executes malicious code. To mitigate this vulnerability, organizations should ensure that their SolarWinds Web Help Desk servers are updated with the latest security patches and that they have implemented robust security controls, such as input validation and sanitization, to prevent deserialization attacks.

The Authentication Bypass Vulnerability in Ivanti Endpoint Manager allows an attacker to bypass authentication mechanisms and gain unauthorized access to the system. This vulnerability can be exploited by sending a crafted request that bypasses the authentication mechanisms, potentially allowing an attacker to access sensitive data or make changes to the system. To mitigate this vulnerability, organizations should ensure that their Ivanti Endpoint Manager servers are updated with the latest security patches and that they have implemented robust security controls, such as multi-factor authentication, to prevent authentication bypass attacks.

Recommendations and Takeaways

Organizations should prioritize remediation of the added vulnerabilities to protect against active threats. This includes:

Regularly reviewing and updating vulnerability management practices to ensure timely remediation of known exploited vulnerabilities
Staying informed about the latest vulnerabilities and threats through reputable sources such as CISA and the KEV Catalog
Implementing patches and updates for affected products, including Omnissa Workspace, SolarWinds Web Help Desk, and Ivanti Endpoint Manager Additionally, organizations should consider the following best practices:
Conducting regular vulnerability scans to identify potential weaknesses
Implementing a robust incident response plan to quickly respond to security incidents
Providing ongoing security awareness training to employees to prevent social engineering attacks
Implementing robust security controls, such as input validation and sanitization, to prevent attacks
Ensuring that all systems are up-to-date with the latest security patches and updates
Implementing multi-factor authentication to prevent authentication bypass attacks

By following these recommendations and staying informed about the latest vulnerabilities, organizations can reduce their exposure to cyberattacks and protect their systems against active threats. As CISA strongly urges, all organizations should prioritize timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice to reduce the risk of cyberattacks.

Mitigation Guidance

To mitigate the vulnerabilities, organizations should follow these steps:

Identify affected systems: Organizations should identify all systems that are affected by the vulnerabilities, including Omnissa Workspace, SolarWinds Web Help Desk, and Ivanti Endpoint Manager.
Implement patches and updates: Organizations should implement patches and updates for affected products as soon as possible.
Conduct vulnerability scans: Organizations should conduct regular vulnerability scans to identify potential weaknesses and ensure that all systems are up-to-date with the latest security patches and updates.
Implement robust security controls: Organizations should implement robust security controls, such as input validation and sanitization, to prevent attacks.
Provide security awareness training: Organizations should provide ongoing security awareness training to employees to prevent social engineering attacks.
Implement multi-factor authentication: Organizations should implement multi-factor authentication to prevent authentication bypass attacks.

By following these steps, organizations can mitigate the vulnerabilities and reduce their exposure to cyberattacks. It is essential to note that mitigation is an ongoing process, and organizations should regularly review and update their security practices to ensure that they are protected against the latest threats.

What to Do Now

Security practitioners should take the following prioritized action items:

Review the KEV Catalog and identify affected products in their organization's environment
Implement patches and updates for affected products, including Omnissa Workspace, SolarWinds Web Help Desk, and Ivanti Endpoint Manager
Conduct regular vulnerability scans to identify potential weaknesses
Implement a robust incident response plan to quickly respond to security incidents
Provide ongoing security awareness training to employees to prevent social engineering attacks
Implement multi-factor authentication to prevent authentication bypass attacks
Ensure that all systems are up-to-date with the latest security patches and updates
Implement robust security controls, such as input validation and sanitization, to prevent attacks By taking these steps, organizations can protect their systems against active threats and reduce their exposure to cyberattacks. Remember to stay informed about the latest vulnerabilities and threats through reputable sources such as CISA and the KEV Catalog, and to regularly review and update vulnerability management practices to ensure timely remediation of known exploited vulnerabilities.

Articles tagged: ivanti-endpoint-manager

CISA Adds Three New Vulnerabilities to KEV Catalog