Remote Authentication Bypass Vulnerability in Ivanti Avalanche 6.3.2.3490

Remote Authentication Bypass Vulnerability in Ivanti Avalanche 6.3.2.3490

CVE-2022-36972 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15328.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.