SQL Injection Vulnerability in EPMM Web Component
CVE-2023-46806

Currently unrated

Key Information:

Vendor: Ivanti
Status: Epmm
Vendor: CVE Published:; 22 May 2024

What is CVE-2023-46806?

An SQL Injection vulnerability exists in a web component of the Ivanti Enterprise Policy Management Mobile (EPMM) product. This vulnerability allows an authenticated user with sufficient privileges to access or modify sensitive data stored in the underlying database. The impact of this vulnerability underscores the importance of enforcing strict access controls and the need for regular updates to mitigate security risks associated with outdated software versions.

Affected Version(s)

EPMM 12.1.0.0

References

https://forums.ivanti.com/s/article/Security-Advisory-EPM...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 22, 2024
Vulnerability Reserved
Oct 27, 2023