Lucene search
PRIOn knowledge basePRION:CVE-2023-39336HistoryJan 09, 2024 - 2:15 a.m.
Sql injection
2024-01-0902:15:00
PRIOn knowledge base
www.prio-n.com
5
sql injection
ivanti endpoint manager
network access
arbitrary queries
output retrieval
authentication bypass
remote code execution
An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. Under specific circumstances, this may also lead to RCE on the core server.
| CPE | Name | Operator | Version |
|---|---|---|---|
| endpoint_manager | eq | 2022 su1 | |
| endpoint_manager | lt | 2022 | |
| endpoint_manager | eq | 2022 | |
| endpoint_manager | eq | 2022 su2 | |
| endpoint_manager | eq | 2022 su3 | |
| endpoint_manager | eq | 2022 su4 |
Related
nvd
nvd
CVE-2023-39336
2024-01-09 02:15:44
hivepro
hivepro
Ivanti Addresses Critical Vulnerability in Endpoint Manager
2024-01-08 09:07:35
Attacks, Vulnerabilities and Actors 1 January to 7 January 2024
2024-01-09 10:10:07
nessus
nessus
Ivanti Endpoint Manager < 2022 SU5 SQLi (SA-2023-12-19)
2024-01-12 00:00:00
cve
cve
CVE-2023-39336
2024-01-09 02:15:44
cvelist
cvelist
CVE-2023-39336
2024-01-09 01:33:05
thn
thn