Lucene search

HackeroneVULNRICHMENT:CVE-2023-46807

HistoryMay 22, 2024 - 10:55 p.m.

CVE-2023-46807

2024-05-2222:55:11

hackerone

github.com

sql injection

epmm

data access

CVSS3

6.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

AI Score

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

An SQL Injection vulnerability in web component of EPMM before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*"
    ],
    "vendor": "ivanti",
    "product": "endpoint_manager_mobile",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "12.1.0.0",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

forums.ivanti.com/s/article/Security-Advisory-EPMM-May-2024?language=en_US

CVSS3

6.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

AI Score

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2023-46807