CVE-2022-36972
Published 2023-03-29
Priority: P270 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 6.53% (93.0th percentile)
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15328.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | avalanche | — | — |
| ivanti | avalanche | >= 6.3.2.3490 < 6.3.4 | 6.3.4 |
Detection & IOCs (extracted from sources)
- The vulnerability exists within the ProfileDaoImpl class; monitor for crafted requests targeting this class that may contain SQL injection payloads intended to bypass authentication
- Focus detection on unauthenticated requests to Ivanti Avalanche 6.3.2.3490 endpoints that include unsanitized user-supplied strings in SQL query contexts, consistent with CWE-89 (SQL Injection) exploitation leading to authentication bypass
- Affected version is specifically Ivanti Avalanche 6.3.2.3490; detections and mitigations should be scoped to this version
- CVSS Base Score is 9.8 (CRITICAL) with CWE-89 (SQL Injection); prioritize patching and network-level controls for internet-exposed Avalanche instances
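CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 9.1 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |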
VulDB
Ivanti Avalanche 6.3.2.3490 Request ProfileDaoImpl sql injection (ZDI-22-777 / EUVD-2022-39629)
vuldb·2026-06-18·CVSS 9.8
CVE-2022-36972 [CRITICAL] Ivanti Avalanche 6.3.2.3490 Request ProfileDaoImpl sql injection (ZDI-22-777 / EUVD-2022-39629)
A vulnerability was found in Ivanti Avalanche 6.3.2.3490 and classified as critical. Affected by this issue is the function ProfileDaoImpl of the component Request Handler. Such manipulation leads to SQL injection.
This vulnerability is uniquely identified as CVE-2022-36972. The attack can be launched remotely. No exploit exists.
It is suggested to upgrade the affected component.
GHSA
GHSA-33j8-9xqj-q27p: This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6
ghsa_unreviewed·2023-03-29
CVE-2022-36972 [CRITICAL] CWE-89 GHSA-33j8-9xqj-q27p: This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15328.
Ivanti
Ivanti Security Advisory: CVE-2022-36972
vendor_ivanti·2023-03-29·CVSS 9.8
CVE-2022-36972 [CRITICAL] CWE-89 Ivanti Security Advisory: CVE-2022-36972
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15328.
CVE IDs: CVE-2022-36972
CVSS Base Score: 9.8
Severity: CRITICAL
CWEs: CWE-89
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-03-29