Lucene search

HackeroneCVELIST:CVE-2024-38652

HistoryAug 14, 2024 - 2:38 a.m.

CVE-2024-38652

2024-08-1402:38:00

hackerone

www.cve.org

cve-2024-38652

path traversal

ivanti avalanche 6.3.1

skin management

denial of service

file deletion

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

EPSS

0.005

Percentile

75.9%

JSON

Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "vendor": "Ivanti",
    "product": "Avalanche",
    "versions": [
      {
        "version": "6.4.4",
        "status": "affected",
        "lessThan": "6.4.4",
        "versionType": "custom"
      }
    ]
  }
]

References

forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-6-4-4-CVE-2024-38652-CVE-2024-38653-CVE-2024-36136-CVE-2024-37399-CVE-2024-37373

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

EPSS

0.005

Percentile

75.9%

JSON

Related for CVELIST:CVE-2024-38652