Lucene search
HackeroneCVELIST:CVE-2023-32566HistoryAug 10, 2023 - 6:58 p.m.
CVE-2023-32566
2023-08-1018:58:36
hackerone
www.cve.org
attacker
crafted request
data leakage
dos
fixed version 6.4.1
6.3 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
9.4 High
AI Score
Confidence
High
0.018 Low
EPSS
Percentile
88.2%
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1.
CNA Affected
[
{
"defaultStatus": "affected",
"vendor": "Ivanti",
"product": "Avalanche",
"versions": [
{
"version": "6.4.xxx",
"status": "unaffected",
"lessThan": "6.4.xxx",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2023-32566
2023-08-10 19:15:09
zdi
zdi
prion
prion
Design/Logic Flaw
2023-08-10 19:15:00
nvd
nvd
CVE-2023-32566
2023-08-10 19:15:09
thn
thn
nessus
nessus
Ivanti Avalanche < 6.4.1 Multiple Vulnerabilities
2023-08-18 00:00:00
6.3 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
9.4 High
AI Score
Confidence
High
0.018 Low
EPSS
Percentile
88.2%
Related for CVELIST:CVE-2023-32566