Lucene search

HackeroneCVELIST:CVE-2023-32567

HistoryAug 10, 2023 - 6:58 p.m.

CVE-2023-32567

2023-08-1018:58:24

hackerone

www.cve.org

ivanti avalanche

xml

external entity processing

cve-2023-32567

fixed

version 6.4.1.236

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

9.7 High

AI Score

Confidence

High

0.05 Low

EPSS

Percentile

92.9%

JSON

Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1.236

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "vendor": "Ivanti",
    "product": "Wavelink",
    "versions": [
      {
        "version": "6.4.1.236",
        "status": "affected",
        "lessThan": "6.4.1.236",
        "versionType": "semver"
      }
    ]
  }
]

References

download.wavelink.com/Files/avalanche_v6.4.1.236_release_notes.txt

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

9.7 High

AI Score

Confidence

High

0.05 Low

EPSS

Percentile

92.9%

JSON

Related for CVELIST:CVE-2023-32567