CVE-2023-39336: SQL Injection

First published: Tue Jan 09 2024(Updated: )

An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. Under specific circumstances, this may also lead to RCE on the core server.

Credit: support@hackerone.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/author
• agent/description
• agent/event
• agent/first-publish-date
• agent/last-modified-date
• agent/references
• agent/severity
• agent/softwarecombine
• agent/tags
• agent/type
• agent/weakness
• collector/bleeping-computer
• source/BleepingComputer
• alias/CVE-2024-21887
• alias/CVE-2021-22893
• alias/CVE-2023-35078
• alias/CVE-2023-35081
• alias/CVE-2023-38035
• collector/mitre-cve
• source/MITRE
• collector/nvd-api
• source/NVD
• agent/software-canonical-lookup
• vendor/ivanti
• canonical/ivanti endpoint management
• version/ivanti endpoint management/2022 service update 5
• canonical/ivanti endpoint manager mobile
• canonical/ivanti sentry
• canonical/ivanti avalanche
• vendor/perforce
• canonical/perforce helix core server
• vendor/apache
• canonical/apache struts
• vendor/sophos
• canonical/sophos firewalls
• vendor/wordpress
• canonical/ivanti endpoint manager
• version/ivanti endpoint manager/2022
• version/ivanti endpoint manager/2022-su1
• version/ivanti endpoint manager/2022-su2
• version/ivanti endpoint manager/2022-su3
• version/ivanti endpoint manager/2022-su4