Lucene search

[email protected]NVD:CVE-2024-38653

HistoryAug 14, 2024 - 3:15 a.m.

CVE-2024-38653

2024-08-1403:15:05

CWE-611

[email protected]

web.nvd.nist.gov

xxe

smartdeviceserver

ivanti avalanche 6.3.1

remote unauthenticated attacker

read arbitrary files

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.007

Percentile

80.6%

JSON

XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server.

Affected configurations

Nvd

Node

ivantiavalancheMatch6.3.1premise

ivantiavalancheMatch6.3.1.1507premise

ivantiavalancheMatch6.3.2

ivantiavalancheMatch6.3.2windows

ivantiavalancheMatch6.3.2premise

ivantiavalancheMatch6.3.2.3490

ivantiavalancheMatch6.3.2.3490premise

ivantiavalancheMatch6.3.3

ivantiavalancheMatch6.3.3premise

ivantiavalancheMatch6.3.3.101

ivantiavalancheMatch6.3.3.101premise

ivantiavalancheMatch6.3.4

ivantiavalancheMatch6.3.4premise

ivantiavalancheMatch6.3.4.153premise

ivantiavalancheMatch6.4.0

ivantiavalancheMatch6.4.1

ivantiavalancheMatch6.4.1premise

ivantiavalancheMatch6.4.1.207premise

ivantiavalancheMatch6.4.1.236premise

ivantiavalancheMatch6.4.2premise

VendorProductVersionCPE
ivantiavalanche6.3.1cpe:2.3:a:ivanti:avalanche:6.3.1:*:*:*:premise:*:*:*
ivantiavalanche6.3.1.1507cpe:2.3:a:ivanti:avalanche:6.3.1.1507:*:*:*:premise:*:*:*
ivantiavalanche6.3.2cpe:2.3:a:ivanti:avalanche:6.3.2:*:*:*:*:*:*:*
ivantiavalanche6.3.2cpe:2.3:a:ivanti:avalanche:6.3.2:*:*:*:*:windows:*:*
ivantiavalanche6.3.2cpe:2.3:a:ivanti:avalanche:6.3.2:*:*:*:premise:*:*:*
ivantiavalanche6.3.2.3490cpe:2.3:a:ivanti:avalanche:6.3.2.3490:*:*:*:*:*:*:*
ivantiavalanche6.3.2.3490cpe:2.3:a:ivanti:avalanche:6.3.2.3490:*:*:*:premise:*:*:*
ivantiavalanche6.3.3cpe:2.3:a:ivanti:avalanche:6.3.3:*:*:*:*:*:*:*
ivantiavalanche6.3.3cpe:2.3:a:ivanti:avalanche:6.3.3:*:*:*:premise:*:*:*
ivantiavalanche6.3.3.101cpe:2.3:a:ivanti:avalanche:6.3.3.101:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ivanti	avalanche	6.3.1	cpe:2.3:a:ivanti:avalanche:6.3.1::::premise:::
ivanti	avalanche	6.3.1.1507	cpe:2.3:a:ivanti:avalanche:6.3.1.1507::::premise:::
ivanti	avalanche	6.3.2	cpe:2.3:a:ivanti:avalanche:6.3.2:::::::*
ivanti	avalanche	6.3.2	cpe:2.3:a:ivanti:avalanche:6.3.2:::::windows::
ivanti	avalanche	6.3.2	cpe:2.3:a:ivanti:avalanche:6.3.2::::premise:::
ivanti	avalanche	6.3.2.3490	cpe:2.3:a:ivanti:avalanche:6.3.2.3490:::::::*
ivanti	avalanche	6.3.2.3490	cpe:2.3:a:ivanti:avalanche:6.3.2.3490::::premise:::
ivanti	avalanche	6.3.3	cpe:2.3:a:ivanti:avalanche:6.3.3:::::::*
ivanti	avalanche	6.3.3	cpe:2.3:a:ivanti:avalanche:6.3.3::::premise:::
ivanti	avalanche	6.3.3.101	cpe:2.3:a:ivanti:avalanche:6.3.3.101:::::::*