Ivanti released its security bulletin for September, addressing 13 vulnerabilities. The vulnerabilities impact Ivanti Endpoint Manager, Ivanti Connect Secure, Policy Secure, ZTA Gateways, and Neurons for Secure Access. As per the Ivanti advisory, no proof exists for any of the vulnerabilities being exploited in the wild.
Tag: Ivanti Endpoint Manager
Ivanti Patches Critical SQL Injection Vulnerability in Endpoint Manager (CVE-2023-39336)
A critical severity SQL injection vulnerability has been discovered in the Ivanti Endpoint Manager. Tracked as CVE-2023-39336, the vulnerability has been given a critical severity rating with a CVSS score of 9.6. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary SQL queries and retrieve output without needing authentication.