CVE-2023-46807

6.7 MEDIUM

📋 TL;DR

An SQL injection vulnerability in Ivanti EPMM's web component allows authenticated users with appropriate privileges to access or modify database data. This affects EPMM versions before 12.1.0.0. Attackers could potentially read sensitive information or alter database contents.

💻 Affected Systems

Products:
  • Ivanti EPMM (formerly MobileIron Core)
Versions: All versions before 12.1.0.0
Operating Systems: All supported EPMM platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user with appropriate privileges; not exploitable by unauthenticated users.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the EPMM database, including theft of sensitive mobile device management data, user credentials, and potential lateral movement to managed devices.

🟠 Likely Case

Unauthorized data access or modification within the EPMM database, potentially exposing device information, user data, or configuration details.

🟢 If Mitigated

Limited impact due to proper access controls, network segmentation, and monitoring preventing successful exploitation.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

SQL injection vulnerabilities are typically easy to exploit once identified, but this requires authenticated access with appropriate privileges.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 12.1.0.0 and later

Vendor Advisory: https://forums.ivanti.com/s/article/Security-Advisory-EPMM-May-2024?language=en_US

Restart Required: Yes

Instructions:

1. Download EPMM version 12.1.0.0 or later from the Ivanti support portal.
2. Back up the current EPMM configuration and database.
3. Apply the update following Ivanti's upgrade documentation.
4. Restart EPMM services as required.

🔧 Temporary Workarounds

Restrict User Privileges

all

Limit database access privileges to only essential users and applications.

Network Segmentation

all

Isolate EPMM systems from untrusted networks and implement strict firewall rules.

🧯 If You Can't Patch

  • Implement strict access controls and principle of least privilege for EPMM users
  • Deploy web application firewall (WAF) with SQL injection protection rules

🔍 How to Verify

Check if Vulnerable:

Check EPMM version in administration console: Settings > About. If version is below 12.1.0.0, system is vulnerable.

Check Version:

Not applicable - check via EPMM web interface

Verify Fix Applied:

Verify EPMM version is 12.1.0.0 or higher in administration console and test web component functionality.

📡 Detection & Monitoring

Log Indicators:

  • Unusual database queries in EPMM logs
  • Multiple failed authentication attempts followed by SQL-like queries
  • Unexpected database access patterns

Network Indicators:

  • SQL syntax in HTTP POST parameters to EPMM web endpoints
  • Unusual database connection patterns from EPMM server

SIEM Query:

source="epmm" AND ("SELECT" OR "UNION" OR "INSERT" OR "UPDATE" OR "DELETE") AND status="200"
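
The SIEM query above matches bare keywords, so it also fires on ordinary parameters such as action=update. The following is an added example (not from Ivanti or from this page) that applies the same keywords and status filter to URL-decoded parameter values, requiring whole words paired with SQL structure. The log line layout, user names and /hypothetical/ paths are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import parse_qsl

# Assumed (hypothetical) log layout, not a documented EPMM format:
# "<timestamp> <user> <method> <path> <status> <form-encoded body>"
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3}) ?(.*)$")

# Keywords from the page's SIEM query, matched as whole words and only when
# paired with SQL structure, so a value like "update" alone does not alert.
SQL_RE = re.compile(
    r"\bunion\b.+\bselect\b|\bselect\b.+\bfrom\b|\binsert\b.+\binto\b"
    r"|\bupdate\b.+\bset\b|\bdelete\b.+\bfrom\b",
    re.IGNORECASE | re.DOTALL,
)

def suspicious_params(line):
    """Return [(user, param, value)] for parameters whose decoded value looks like SQL."""
    m = LINE_RE.match(line)
    if not m:
        return []
    _ts, user, _method, path, status, body = m.groups()
    if status != "200":  # same status filter as the SIEM query
        return []
    query = path.partition("?")[2]
    hits = []
    pairs = parse_qsl(query, keep_blank_values=True) + parse_qsl(body, keep_blank_values=True)
    for name, value in pairs:
        if SQL_RE.search(value):  # parse_qsl has already URL-decoded the value
            hits.append((user, name, value))
    return hits

# Constructed sample lines (not real EPMM logs).
SAMPLE = [
    "2024-05-22T10:01:07Z admin1 POST /hypothetical/search 200 q=iphone&action=update",
    "2024-05-22T10:02:11Z admin2 POST /hypothetical/search 200 q=x%27+UNION+SELECT+name+FROM+users--",
    "2024-05-22T10:02:40Z admin2 POST /hypothetical/search 500 q=x%27+UNION+SELECT+1--",
    "2024-05-22T10:03:02Z admin3 GET /hypothetical/list?sort=select_all 200",
]

def scan(lines):
    return [hit for line in lines for hit in suspicious_params(line)]

if __name__ == "__main__":
    for user, name, value in scan(SAMPLE):
        print(f"ALERT user={user} param={name} value={value!r}")
```

The status filter mirrors the page's query; removing it also surfaces requests like the third sample line, which ended in an error response.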
