轉發 台灣電腦網路危機處理暨協調中心 資安訊息警訊 TWCERTCC-200-202601-00000028

[內容說明]
Ivanti Endpoint Manager Mobile (EPMM)是一款移動設備管理解決方案，能集中管理iOS、Android、macOS和Windows設備。
日前發布安全性更新已修補2個重大資安漏洞(CVE-2026-1281和CVE-2026-1340，皆為CVSS：9.8)，前述漏洞皆為程式碼注入漏洞，允許未經身分驗證的攻擊者執行遠端程式碼。

[影響平台]
Ivanti Endpoint Manager Mobile 12.5.0.0 (含)更早版本
Ivanti Endpoint Manager Mobile 12.5.1.0 (含)更早版本
Ivanti Endpoint Manager Mobile 12.6.0.0 (含)更早版本
Ivanti Endpoint Manager Mobile 12.6.1.0 (含)更早版本
Ivanti Endpoint Manager Mobile 12.7.0.0 (含)更早版本

[建議措施]
根據官方網站釋出的解決方式進行修補：https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340?language=en_US

Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202601-00000028

[Content Description]
Ivanti Endpoint Manager Mobile (EPMM) is a mobile device management solution that centrally manages iOS, Android, macOS, and Windows devices.

A recent security update patched two critical cybersecurity vulnerabilities (CVE-2026-1281 and CVE-2026-1340, both CVSS: 9.8). Both vulnerabilities are code injection vulnerabilities, allowing unauthenticated attackers to execute remote code.

[Affected Platforms]
Ivanti Endpoint Manager Mobile 12.5.0.0 and earlier
Ivanti Endpoint Manager Mobile 12.5.1.0 and earlier
Ivanti Endpoint Manager Mobile 12.6.0.0 and earlier
Ivanti Endpoint Manager Mobile 12.6.1.0 and earlier
Ivanti Endpoint Manager Mobile 12.7.0.0 and earlier

[Recommended Actions]
Patch according to the solution released on the official website: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340?language=en_US