Primary

Context

Ivanti Virtual Traffic Manager OS Command Injection Vulnerability Allowing Remote Code Execution

Vulnerability

A command injection vulnerability has been identified in Ivanti Virtual Traffic Manager (vTM) versions through 22.9r3. This vulnerability allows remote authenticated attackers with admin privileges to execute arbitrary code on the server.

Impact

Exploitation of this vulnerability could lead to unauthorized remote code execution on the affected system.

Remediation

Users can update to Ivanti Virtual Traffic Manager version 22.9r4 to address this vulnerability. The update is available through the Ivanti License System (ILS).

Added: May 12, 2026, 3:26 PM

Updated: May 12, 2026, 3:26 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.8

remediation

0.0

relevance

8.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.8

remediation

0.0

relevance

8.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Ivanti Virtual Traffic Manager OS Command Injection Vulnerability Allowing Remote Code Execution

Vulnerability

Impact

Remediation

Affected Products

Ivanti Virtual Traffic Manager

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating