Lucene search

HackeroneCVELIST:CVE-2023-46806

HistoryMay 22, 2024 - 10:55 p.m.

CVE-2023-46806

2024-05-2222:55:11

hackerone

www.cve.org

sql injection

epmm

authentication

database access

CVSS3

6.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

AI Score

6.8

Confidence

High

EPSS

Percentile

9.0%

JSON

An SQL Injection vulnerability in a web component of EPMM versions before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "vendor": "Ivanti",
    "product": "EPMM",
    "versions": [
      {
        "version": "12.1.0.0",
        "status": "affected",
        "lessThan": "12.1.0.0",
        "versionType": "semver"
      }
    ]
  }
]

References

forums.ivanti.com/s/article/Security-Advisory-EPMM-May-2024?language=en_US

CVSS3

6.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

AI Score

6.8

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2023-46806