Show filters
6 Total Results
Displaying 1-6 of 6
Sort by:
Attacker Value
Unknown
CVE-2024-38653
Disclosure Date: August 14, 2024 (last updated August 16, 2024)
XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server.
0
Attacker Value
Unknown
CVE-2024-38652
Disclosure Date: August 14, 2024 (last updated August 16, 2024)
Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion.
0
Attacker Value
Unknown
CVE-2024-37399
Disclosure Date: August 14, 2024 (last updated August 16, 2024)
A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.
0
Attacker Value
Unknown
CVE-2024-37373
Disclosure Date: August 14, 2024 (last updated August 16, 2024)
Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE.
0
Attacker Value
Unknown
CVE-2024-36136
Disclosure Date: August 14, 2024 (last updated August 16, 2024)
An off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.
0
Attacker Value
Unknown
CVE-2021-30497
Disclosure Date: April 06, 2022 (last updated October 07, 2023)
Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is not verified to be within the scope of the image folder, e.g., the attacker can obtain sensitive information via the C:/Windows/system32/config/system.sav value.
0
