Security Advisory

CVE-2023-39336

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-01-09 01:33:05

Last updated 2025-06-03 14:33:22

Assigner hackerone

State PUBLISHED

Description

An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. Under specific circumstances, this may also lead to RCE on the core server.

← Browse all CVEs View on cve.org ↗