Ivanti Patches Critical SQL Injection Vulnerability in Endpoint Manager (CVE-2023-39336)

A critical severity SQL injection vulnerability has been discovered in Ivanti Endpoint Manager. Tracked as CVE-2023-39336, the vulnerability has been given a critical severity rating with a CVSS score of 9.6. Successful exploitation may allow an attacker to execute arbitrary SQL queries and retrieve the output without needing authentication.

Ivanti Sentry Zero-day Vulnerability being Exploited in the wild (CVE-2023-38035)

Ivanti has released a patch for an actively exploited API authentication bypass vulnerability. CVE-2023-38035 has been given a high severity rating with a CVSS score of 9.8. The vulnerability may allow an unauthenticated actor to access sensitive APIs used to configure Ivanti Sentry on the administrator portal. Ivanti has mentioned in the advisory that they are …