Ivanti Endpoint Manager SQL Injection Vulnerability Allowing Arbitrary Data Read from Database

A SQL injection vulnerability has been identified in Ivanti Endpoint Manager (EPM) in versions through 2024 SU3 SR1. This vulnerability allows remote authenticated attackers to read arbitrary data from the database. The issue arises from insufficient input validation, which enables attackers to manipulate SQL queries and access sensitive information.

Impact

Exploitation of this vulnerability could lead to unauthorized access to database information, potentially including sensitive or confidential data.

Remediation

EPM administrators can remove the Reporting database user from their configuration to address this vulnerability, but this will disable reporting functionality. For those running Ivanti EPM 2024 SU3 SR1, the risk is significantly reduced due to important security enhancements. Customers using version 2022 SU8 SR2 or prior should upgrade to the latest version of Ivanti EPM 2024.