CVE-2022-36976: 
Ivanti Avalanche vulnerability analysis and mitigation

This vulnerability (CVE-2022-36976) affects Ivanti Avalanche version 6.3.2.3490, allowing remote attackers to bypass authentication. The vulnerability was discovered in the GroupDaoImpl class, where a crafted request can trigger execution of SQL queries composed from user-supplied strings. The issue was initially reported on October 22, 2021, and was publicly disclosed on May 26, 2022 (Zero Day Initiative).

The vulnerability is classified as an SQL Injection authentication bypass with a CVSS v3.1 base score of 9.8 (CRITICAL), indicating maximum impact across confidentiality, integrity, and availability (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The specific flaw exists within the GroupDaoImpl class where user-supplied input is not properly validated before being used in SQL queries (NVD).

The vulnerability allows remote attackers to completely bypass authentication mechanisms on affected Ivanti Avalanche installations. This means an attacker can gain unauthorized access to the system without valid credentials, potentially compromising the entire system's security (Zero Day Initiative).

Ivanti has addressed this vulnerability in version 6.3.4 of Avalanche. Users should upgrade to this version to protect against exploitation. The fix is documented in the release notes under the reference ZDI-CAN-15333 (Release Notes).