5 matches found
Attacks, Vulnerabilities and Actors 1 January to 7 January 2024
For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of twelve executed attacks, two instances of adversary activity, and three exploited...
CVE-2023-39336
CVE-2023-39336 affects Ivanti Endpoint Manager versions prior to 2022 SU5. The vulnerability is described as an SQL injection in the product that can be exploited by an attacker with internal-network access to execute arbitrary SQL queries and retrieve output without authentication; under certain...
CVE-2023-39336
An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. Under specific circumstances, this may also lead to RC...
Ivanti Addresses Critical Vulnerability in Endpoint Manager
Summary: Ivanti addressed a critical vulnerability CVE-2023-39336 in its Endpoint Management software, ensuring secure usage for its 40,000 worldwide customers. The flaw, resolved in version 2022 Service Update 5, posed a risk of pre-authenticated sql injection and possibly Remote Code Injection ...
Alert: Ivanti Releases Patch for Critical Vulnerability in Endpoint Manager Solution
Ivanti has released security updates to address a critical flaw impacting its Endpoint Manager EPM solution that, if successfully exploited, could result in remote code execution RCE on susceptible servers. Tracked as CVE-2023-39336, the vulnerability has been rated 9.6 out of 10 on the CVSS...