
Ivanti Releases Security Updates for Vulnerability Affecting Endpoint Manager

Critical severity vulnerability could allow an attacker to execute arbitrary SQL queries on an affected system


Summary

Critical severity vulnerability could allow an attacker to execute arbitrary SQL queries on an affected system


Affected platforms

The following platforms are known to be affected:

Threat details

Introduction

Ivanti has released security updates to address a vulnerability designated CVE-2023-39336, which affects Ivanti Endpoint Manager and has a CVSSv3 score of 9.6.

A remote, unauthenticated attacker with access to an internal network could exploit this vulnerability to execute arbitrary SQL queries and retrieve output. This could allow the attacker to take control of an affected system and potentially achieve remote code execution on core servers configured to use SQL Express.


Remediation advice

Affected organisations are encouraged to review the Ivanti Security Advisory and apply any relevant updates.



Last edited: 5 January 2024 2:20 pm