CVE-2023-39336
HIGH 8.8
Description
An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. Under specific circumstances, this may also lead to RCE on the core server.
CVE details
CVSS v3.1 score: 8.8
Severity: HIGH
CVSS vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: ADJACENT_NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 1/9/2024
Last modified: 6/3/2025
Source: nvd
Honeypot sightings: 0
Affected products
ivanti:endpoint_manager
Weaknesses (CWE)
CWE-89
References
https://forums.ivanti.com/s/article/SA-2023-12-19-CVE-2023-39336?language=en_US (support@hackerone.com)
https://forums.ivanti.com/s/article/SA-2023-12-19-CVE-2023-39336?language=en_US (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.