First published: Tue Jan 09 2024(Updated: )
An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. Under specific circumstances, this may also lead to RCE on the core server.
Credit: support@hackerone.com
Affected Software | Affected Version | How to fix |
---|---|---|
Ivanti Endpoint Management | =2022 Service Update 5 | |
Ivanti Endpoint Manager Mobile | ||
Ivanti Sentry | ||
Ivanti Avalanche | ||
Perforce Helix Core Server | ||
Apache Struts | ||
Sophos firewalls | ||
Ivanti Endpoint Manager | <2022 | |
Ivanti Endpoint Manager | =2022 | |
Ivanti Endpoint Manager | =2022-su1 | |
Ivanti Endpoint Manager | =2022-su2 | |
Ivanti Endpoint Manager | =2022-su3 | |
Ivanti Endpoint Manager | =2022-su4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)