CVE-2023-46806: 
Ivanti Endpoint Manager Mobile vulnerability analysis and mitigation

An SQL Injection vulnerability (CVE-2023-46806) affects the web component of Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron. The vulnerability was discovered in versions before 12.1.0.0 and requires an authenticated user with appropriate privileges to exploit (CERT-EU).

CVE-2023-46806 is an SQL Injection vulnerability that allows an authenticated user with appropriate privileges to access or modify data in the underlying database. The vulnerability has been assigned a CVSS score of 6.7, indicating a moderate severity level (CERT-EU, Hacker News).

The vulnerability enables an authenticated user with appropriate privileges to access or modify data in the underlying database of the EPMM system, potentially compromising data integrity and confidentiality (CERT-EU).

Ivanti has released version 12.1.0.0 which addresses this vulnerability. Organizations are strongly recommended to update their EPMM installations to version 12.1.0.0 or later. For versions 12.0.0.0/1 and 11.12.0.1, a patch addressing this vulnerability will be available in the coming weeks (CERT-EU, Help Net Security).