Lucene search
HackeroneCVELIST:CVE-2024-29848HistoryMay 31, 2024 - 5:38 p.m.
CVE-2024-29848
2024-05-3117:38:31
hackerone
www.cve.org
file upload vulnerability
ivanti avalanche
system command
unrestricted access
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
28.9%
An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM.
CNA Affected
[
{
"defaultStatus": "unaffected",
"vendor": "Ivanti",
"product": "Avalanche",
"versions": [
{
"version": "6.4.3",
"status": "affected",
"lessThanOrEqual": "6.4.3",
"versionType": "semver"
}
]
}
]Related
zdi
zdi
cve
cve
CVE-2024-29848
2024-05-31 18:15:12
nvd
nvd
CVE-2024-29848
2024-05-31 18:15:12
vulnrichment
vulnrichment
CVE-2024-29848
2024-05-31 17:38:31
thn
thn
Ivanti Patches Critical Remote Code Execution Flaws in Endpoint Manager
2024-05-23 09:21:00
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
28.9%
Related for CVELIST:CVE-2024-29848