【資安漏洞預警】Ivanti旗下Endpoint Manager Mobile (EPMM)存在2個重大資安漏洞

【行政公告】

公告單位	圖資處數位服務組
訊息類別	行政公告行政公告	公告對象	全體
公告主題	【資安漏洞預警】Ivanti旗下Endpoint Manager Mobile (EPMM)存在2個重大資安漏洞 [Security Vulnerability Alert] Ivanti's Endpoint Manager Mobile (EPMM) has two major security vulnerabilities.
公告內容	轉發台灣電腦網路危機處理暨協調中心資安訊息警訊 TWCERTCC-200-202601-00000028 [內容說明] Ivanti Endpoint Manager Mobile (EPMM)是一款移動設備管理解決方案，能集中管理iOS、Android、macOS和Windows設備。日前發布安全性更新已修補2個重大資安漏洞(CVE-2026-1281和CVE-2026-1340，皆為CVSS：9.8)，前述漏洞皆為程式碼注入漏洞，允許未經身分驗證的攻擊者執行遠端程式碼。 [影響平台] Ivanti Endpoint Manager Mobile 12.5.0.0 (含)更早版本 Ivanti Endpoint Manager Mobile 12.5.1.0 (含)更早版本 Ivanti Endpoint Manager Mobile 12.6.0.0 (含)更早版本 Ivanti Endpoint Manager Mobile 12.6.1.0 (含)更早版本 Ivanti Endpoint Manager Mobile 12.7.0.0 (含)更早版本 [建議措施] 根據官方網站釋出的解決方式進行修補：https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340?language=en_US Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202601-00000028 [Content Description] Ivanti Endpoint Manager Mobile (EPMM) is a mobile device management solution that centrally manages iOS, Android, macOS, and Windows devices. A recent security update patched two critical cybersecurity vulnerabilities (CVE-2026-1281 and CVE-2026-1340, both CVSS: 9.8). Both vulnerabilities are code injection vulnerabilities, allowing unauthenticated attackers to execute remote code. [Affected Platforms] Ivanti Endpoint Manager Mobile 12.5.0.0 and earlier Ivanti Endpoint Manager Mobile 12.5.1.0 and earlier Ivanti Endpoint Manager Mobile 12.6.0.0 and earlier Ivanti Endpoint Manager Mobile 12.6.1.0 and earlier Ivanti Endpoint Manager Mobile 12.7.0.0 and earlier [Recommended Actions] Patch according to the solution released on the official website: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340?language=en_US
相關訊息	參考資料
公告時間	2026/2/3 至 2026/8/3	點閱次數	176