ГлавнаяУязвимости → CVE-2023-39336
8.8высокая

CVE-2023-39336

→ есть в БДУ: BDU:2024-00303 (на русском)
Описание (на английском; русское — в БДУ выше)

An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. Under specific circumstances, this may also lead to RCE on the core server.

Затрагиваемое ПО
Ivanti Endpoint manager
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://forums.ivanti.com/s/article/SA-2023-12-19-CVE-2023-39336?language=en_UShttps://forums.ivanti.com/s/article/SA-2023-12-19-CVE-2023-39336?language=en_US