CVE-2023-39336

CRITICAL Year: 2023
CVSS v3 Score
9.6
Critical
Weakness Type
CWE-89
View all →

Vulnerability Description

An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. Under specific circumstances, this may also lead to RCE on the core server.

Related Vulnerabilities

CVE-2022-0153

CRITICAL
CVSS:9.6(Critical)

SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1.

CWE-892022

CVE-2022-1883

CRITICAL
CVSS:9.6(Critical)

SQL Injection in GitHub repository camptocamp/terraboard prior to 2.2.0.

CWE-892022

CVE-2024-29822

CRITICAL
CVSS:9.6(Critical)

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

CWE-892024

CVE-2024-29823

CRITICAL
CVSS:9.6(Critical)

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

CWE-892024

CVE-2024-29824

CRITICAL
CVSS:9.6(Critical)

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

CWE-892024

CVE-2024-29825

CRITICAL
CVSS:9.6(Critical)

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

CWE-892024