Ivanti, a provider of enterprise software, has alerted users to a critical-severity vulnerability in its Endpoint Manager (EPM) product that could be exploited for remote code execution (RCE).
This SQL injection bug, tracked as CVE-2023-39336, may enable an attacker with internal network access to “execute arbitrary SQL queries and retrieve output without the need for authentication.” Ivanti notes in its advisory that a successful exploit of the vulnerability could grant the attacker control over devices that are running the EPM agent.
Prior to this month, Ivanti fixed two exploited bugs in its Endpoint Manager Mobile (EPMM) product, CVE-2023-35078 and CVE-2023-35081.