Security Advisory 2022-005

Release Date:

Critical Vulnerability in Ivanti Products



  • 19/01/2022 --- v1.0 -- Initial publication


On January 17th, Ivanti updated its advisory related to CVE-2021-44228 vulnerability affecting some of its products. While this CVE affects the Java logging library log4j [1], all products using this library are vulnerable to Unauthenticated Remote Code Execution.

Technical Details

The vulnerability exists in the Java logging library log4j. An unauthenticated remote attacker might exploit this vulnerability by sending specially crafted content to the application to execute malicious code on the server [1].

Affected products

Productaffected versionsMitigation / Fix
Avalanche6.3.0, 6.3.1, 6.3.2, and 6.3.3Available [3]
Ivanti File Director2020.3, 2021.1, 2021.3Available [4]
MobileIronSee [5]Available [5]


Ivanti and CERT-EU strongly recommends to apply mitigations or fixes mentioned in the Affected Products section.







We got cookies

We only use cookies that are necessary for the technical functioning of our website. Find out more on here.