CVE-2022-36979
Published 2023-03-29
Priority: P271, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 6.53% (92.9th percentile)
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AvalancheDaoSupport class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15493.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | avalanche | — | — |
| ivanti | avalanche | >= 6.3.2.3490 < 6.3.4 | 6.3.4 |
Detection & IOCs
- The vulnerability resides in the AvalancheDaoSupport class; monitor for crafted HTTP requests targeting this class that contain SQL injection payloads intended to bypass authentication
- Focus detection on authentication bypass attempts against Ivanti Avalanche 6.3.2.3490 endpoints: look for anomalous SQL metacharacters or boolean-based injection strings in authentication request parameters
- Exploitation requires an initial authentication step, but the existing authentication mechanism itself can be bypassed via the SQL injection; defenders should not assume pre-auth network controls alone are sufficient
- The confirmed affected version is Ivanti Avalanche 6.3.2.3490; scope detection and patching efforts to this version specifically, while also auditing adjacent versions
CVSS provenance
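| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |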
VulDB
Ivanti Avalanche 6.3.2.3490 Request AvalancheDaoSupport sql injection (ZDI-22-784 / EUVD-2022-39636)
vuldb·2026-06-18·CVSS 9.8
CVE-2022-36979 [CRITICAL] Ivanti Avalanche 6.3.2.3490 Request AvalancheDaoSupport sql injection (ZDI-22-784 / EUVD-2022-39636)
A vulnerability marked as critical has been reported in Ivanti Avalanche 6.3.2.3490. This affects the function AvalancheDaoSupport of the component Request Handler. Performing a manipulation results in sql injection.
This vulnerability is cataloged as CVE-2022-36979. It is possible to initiate the attack remotely. There is no exploit available.
It is suggested to upgrade the affected component.
GHSA
GHSA-rgfh-fr7j-cfww: This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6
ghsa_unreviewed·2023-03-29
CVE-2022-36979 [CRITICAL] CWE-89 GHSA-rgfh-fr7j-cfww: This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AvalancheDaoSupport class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15493.
Ivanti
Ivanti Security Advisory: CVE-2022-36979
vendor_ivanti·2023-03-29·CVSS 9.8
CVE-2022-36979 [CRITICAL] CWE-89 Ivanti Security Advisory: CVE-2022-36979
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AvalancheDaoSupport class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15493.
CVE IDs: CVE-2022-36979
CVSS Base Score: 9.8
Severity: CRITICAL
CWEs: CWE-89
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.