Show filters
6 Total Results
Displaying 1-6 of 6
Sort by:
Attacker Value
Low

CVE-2023-41474

Disclosure Date: January 25, 2024 (last updated February 01, 2024)
Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated attacker to obtain sensitive information via the javax.faces.resource component.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
2
1
Attacker Value
Unknown

CVE-2024-38653

Disclosure Date: August 14, 2024 (last updated August 16, 2024)
XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-38652

Disclosure Date: August 14, 2024 (last updated August 16, 2024)
Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-37399

Disclosure Date: August 14, 2024 (last updated August 16, 2024)
A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-37373

Disclosure Date: August 14, 2024 (last updated August 16, 2024)
Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-36136

Disclosure Date: August 14, 2024 (last updated August 16, 2024)
An off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0