Ivanti Endpoint Manager SQL Injection Vulnerability Allowing Arbitrary Data Read from Database

Vulnerability

A SQL injection vulnerability has been identified in Ivanti Endpoint Manager (EPM) 2024 up to and including SU3 SR1, and in EPM 2022 up to and including SU8 SR2. It allows a remote attacker who already holds valid credentials to read arbitrary data from the database. The flaw stems from insufficient validation of user-supplied input that is incorporated into SQL queries: because the input can change the structure of the query rather than only its bound values, an authenticated user can steer the query toward tables and columns the application never intended to expose.
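The following is an added illustration of the vulnerability class described above, not code from Ivanti EPM or from this page. It is deliberately generic: the query, the table names (a constructed `reports` table a reporting account is meant to read and a constructed `secrets` table it is not), the sample rows and the payload are all assumptions made for the example, and nothing here reflects how the affected product builds its queries. It shows why building a query from caller input by string concatenation lets an authenticated user read other tables, how parameter binding prevents that, and why identifiers such as sort columns still need an allow-list because they cannot be bound.

```python
"""Vulnerable versus hardened query construction (hypothetical example).

Everything below is constructed for illustration: an in-memory SQLite
database, two toy tables, and a UNION payload. It is not Ivanti code.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build the constructed sample database in memory."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE reports (id INTEGER, name TEXT, owner TEXT);
        CREATE TABLE secrets (id INTEGER, username TEXT, api_key TEXT);
        INSERT INTO reports VALUES (1, 'Patch compliance', 'alice');
        INSERT INTO reports VALUES (2, 'Inventory', 'bob');
        INSERT INTO secrets VALUES (1, 'svc_account', 'CONSTRUCTED-KEY-123');
        """
    )
    return conn


def vulnerable_report_lookup(conn: sqlite3.Connection, owner: str) -> list:
    """The defect being illustrated: caller input is concatenated into the SQL text,
    so a value containing a quote and a UNION changes what the query returns."""
    sql = f"SELECT id, name, owner FROM reports WHERE owner = '{owner}'"
    return conn.execute(sql).fetchall()


def hardened_report_lookup(conn: sqlite3.Connection, owner: str) -> list:
    """Input is bound as a parameter; the value can only ever be compared,
    never parsed as SQL, so the query shape is fixed at author time."""
    sql = "SELECT id, name, owner FROM reports WHERE owner = ?"
    return conn.execute(sql, (owner,)).fetchall()


# Identifiers (table and column names) cannot be bound as parameters,
# so a caller-chosen sort column must be checked against an allow-list.
SORTABLE_COLUMNS = frozenset({"id", "name", "owner"})


def hardened_sorted_lookup(conn: sqlite3.Connection, owner: str, sort_col: str) -> list:
    """Parameter binding for the value plus an allow-list for the identifier."""
    if sort_col not in SORTABLE_COLUMNS:
        raise ValueError(f"unsupported sort column: {sort_col!r}")
    sql = f"SELECT id, name, owner FROM reports WHERE owner = ? ORDER BY {sort_col}"
    return conn.execute(sql, (owner,)).fetchall()


# Constructed payload: closes the string literal, appends a UNION that pulls
# rows from a table the caller should not see, and comments out the rest.
PAYLOAD = "alice' UNION SELECT id, username, api_key FROM secrets --"


def demo() -> tuple:
    """Run the same payload through both variants and return (leaked, safe)."""
    conn = make_db()
    leaked = vulnerable_report_lookup(conn, PAYLOAD)
    safe = hardened_report_lookup(conn, PAYLOAD)
    return leaked, safe


if __name__ == "__main__":
    leaked_rows, safe_rows = demo()
    print("vulnerable:", leaked_rows)   # includes the row from 'secrets'
    print("hardened:  ", safe_rows)     # no rows: nobody is named after the payload
```

The point a reviewer would take from this is that the hardened variant needs no escaping logic at all; correctness comes from keeping data out of the query text, and the one place data must enter the text (the ORDER BY identifier) is reduced to a fixed set of known-good strings.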

Impact

Successful exploitation lets an authenticated user read database contents they are not authorized to see, potentially including sensitive or confidential data. The description covers reading data only; the page does not claim that the flaw allows modifying data or executing code.

Remediation

EPM administrators can remove the Reporting database user from their configuration as an interim mitigation, at the cost of disabling reporting functionality. Note that this is a workaround rather than a fix of the underlying query defect. Ivanti EPM 2024 SU3 SR1, although within the affected range, contains security enhancements that significantly reduce the risk. Customers on the 2022 branch should upgrade to the latest release of Ivanti EPM 2024.

Added: Oct 13, 2025, 10:20 PM
Updated: Oct 13, 2025, 10:20 PM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 2.5
exploitability: 4.9
remediation: 8.3
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.