CVE-2022-36975
Published 2023-03-29
Priority P270 · critical · 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 6.53% (92.9th percentile)
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15332.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | avalanche | — | — |
| ivanti | avalanche | >= 6.3.2.3490 < 6.3.4 | 6.3.4 |
Detection & IOCs
- The vulnerability exists within the ProfileDaoImpl class — monitor for crafted HTTP requests targeting this class that may contain SQL injection payloads intended to bypass authentication
- Target product and version for detection scope: Ivanti Avalanche 6.3.2.3490 — ensure detection rules are scoped to this version
- This is a SQL injection (CWE-89) used for authentication bypass — inspect incoming requests to Ivanti Avalanche for unsanitized SQL metacharacters (e.g., quotes, comment sequences) in authentication-related parameters
- Only Ivanti Avalanche version 6.3.2.3490 is confirmed affected; detections should be validated against this specific version
- The vulnerability is remotely exploitable with no authentication required (CVSS 9.8 CRITICAL), meaning pre-auth network traffic is the primary detection surface
CVSS provenance
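| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 9.1 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |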
Ivanti
Ivanti Security Advisory: CVE-2022-36975
vendor_ivanti · 2023-03-29 · CVSS 9.8
CVE IDs: CVE-2022-36975
CVSS Base Score: 9.8
Severity: CRITICAL
CWEs: CWE-89
VulDB
Ivanti Avalanche 6.3.2.3490 Request ProfileDaoImpl sql injection (ZDI-22-780 / EUVD-2022-39632)
vuldb · 2026-06-18 · CVSS 9.8
A vulnerability was found in Ivanti Avalanche 6.3.2.3490. It has been rated as critical. This issue affects the function ProfileDaoImpl of the component Request Handler. The manipulation leads to sql injection.
This vulnerability is referenced as CVE-2022-36975. Remote exploitation of the attack is possible. No exploit is available.
Upgrading the affected component is advised.
GHSA
GHSA-m68p-4w8c-8x3r: This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6
ghsa_unreviewed · 2023-03-29
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-03-29