3 matches found
CVE-2022-36976
creationtimestamp| type| source ---|---|--- 2023-03-29 22:21:59+00:00| seen| https://t.me/cibsecurity/61069...
CVE-2022-36976
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the GroupDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can levera...
CVE-2022-36976
Ivanti Avalanche 6.3.2.3490 contains an SQL injection in GroupDaoImpl that can bypass authentication via crafted input, exposing a total impact on confidentiality, integrity, and availability. Multiple connected sources (ZDI-22-781 and various CVE records) corroborate the authentication-bypass vi...