LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 allows SQL Injection via a /remotecontrolauth/api/device request.
Published November 16, 2020.
Ivanti Endpoint Manager
