CVE-2022-36975
published 2023-03-29


Priority: P270
CVSS 3.1: 9.8 critical (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 6.53% (92.9th percentile)
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15332.

Affected (2 ranges)

Vendor   Product     Version range             Fixed in
ivanti   avalanche
ivanti   avalanche   >= 6.3.2.3490, < 6.3.4    6.3.4

Detection & IOCs (extracted from sources)

  • The vulnerability exists within the ProfileDaoImpl class — monitor for crafted HTTP requests targeting this class that may contain SQL injection payloads intended to bypass authentication
  • Target product and version for detection scope: Ivanti Avalanche 6.3.2.3490 — ensure detection rules are scoped to this version
  • This is a SQL injection (CWE-89) used for authentication bypass — inspect incoming requests to Ivanti Avalanche for unsanitized SQL metacharacters (e.g., quotes, comment sequences) in authentication-related parameters
  • Only Ivanti Avalanche version 6.3.2.3490 is confirmed affected; detections should be validated against this specific version
  • The vulnerability is remotely exploitable with no authentication required (CVSS 9.8 CRITICAL), meaning pre-auth network traffic is the primary detection surface

CVSS provenance

NVD, CVSS v3.1: 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD, CVSS v3.0: 9.1 CRITICAL, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N