Lucene search

HackeroneCVELIST:CVE-2023-46807

HistoryMay 22, 2024 - 10:55 p.m.

CVE-2023-46807

2024-05-2222:55:11

hackerone

www.cve.org

sql injection

epmm

data access

database

vulnerability

authenticated user

CVSS3

6.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

AI Score

6.9

Confidence

High

EPSS

Percentile

9.0%

JSON

An SQL Injection vulnerability in web component of EPMM before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "vendor": "Ivanti",
    "product": "EPMM",
    "versions": [
      {
        "version": "12.1.0.0",
        "status": "affected",
        "lessThan": "12.1.0.0",
        "versionType": "semver"
      }
    ]
  }
]

References

forums.ivanti.com/s/article/Security-Advisory-EPMM-May-2024?language=en_US

CVSS3

6.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

AI Score

6.9

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2023-46807