Search Results | AttackerKB

119 Total Results

Displaying 1-10 of 119

Attacker Value

Low

CVE-2023-41474

Disclosure Date: January 25, 2024 (last updated February 01, 2024)

Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated attacker to obtain sensitive information via the javax.faces.resource component.

Attacker Value

Moderate

CVE-2023-28128

Disclosure Date: May 09, 2023 (last updated October 08, 2023)

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution.

Attack Vector: Network Privileges: High User Interaction: None

Attacker Value

Unknown

CVE-2024-13181

Disclosure Date: January 14, 2025 (last updated January 17, 2025)

Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. This CVE addresses incomplete fixes from CVE-2024-47010.

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2024-13180

Disclosure Date: January 14, 2025 (last updated January 17, 2025)

Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information. This CVE addresses incomplete fixes from CVE-2024-47011.

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2024-13179

Disclosure Date: January 14, 2025 (last updated January 17, 2025)

Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication.

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2024-50331

Disclosure Date: November 12, 2024 (last updated December 19, 2024)

An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to leak sensitive information in memory.

Attack Vector: Network Privileges: None User Interaction: None