CVE-2022-36978

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Notification...

CVE-2022-36976

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the GroupDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can levera...

CVE-2022-36971

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

Ivanti Avalanche 代码问题漏洞

Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A code issue vulnerability exists in Ivanti Avalanche version 6.3.2.3490, which stems from a lack of proper...

Ivanti Avalanche SQL注入漏洞

Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. Ivanti Avalanche version 6.3.2.3490 suffers from a SQL injection vulnerability that stems from a crafted request in...

CVE-2022-36971

Ivanti Avalanche 6.3.2.3490 is affected by CVE-2022-36971 due to deserialization of untrusted data in JwtTokenUtility, enabling remote code execution with network access and low attack complexity. Authentication is required but may be bypassed. No official patch/version is stated in the provided ...

Ivanti Avalanche SQL注入漏洞

Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. An SQL injection vulnerability exists in Ivanti Avalanche version 6.3.2.3490. An attacker could exploit this...

Ivanti Avalanche 安全漏洞

Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A security vulnerability exists in Ivanti Avalanche version 6.3.2.3490, which stems from a lack of proper locking...

CVE-2022-36980

CVE-2022-36980 affects Ivanti Avalanche 6.3.2.3490. The vulnerability is an authentication bypass in the EnterpriseServer service caused by lack of proper locking during authentication, enabling remote attackers to bypass authentication. Connected sources identify ZDI-22-785 and related advisorie...

PT-2022-23723 · Ivanti · Ivanti Avalanche

Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche version 6.3.2.3490 Description: This issue allows remote attackers to bypass authentication on affected installations. Although authentication is required to exploit this issue, the existing authentication mechanism can be...

PT-2022-23719 · Ivanti · Ivanti Avalanche

Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche version 6.3.2.3490 Description: The issue allows remote attackers to bypass authentication on affected installations. The specific flaw exists within the ProfileDaoImpl class, where a crafted request can trigger execution of...

PT-2022-23720 · Ivanti · Ivanti Avalanche

Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche version 6.3.2.3490 Description: This issue allows remote attackers to bypass authentication on affected installations. The specific flaw exists within the GroupDaoImpl class. A crafted request can trigger execution of SQL...

PT-2022-23722 · Ivanti · Ivanti Avalanche

Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche version 6.3.2.3490 Description: This issue allows remote attackers to execute arbitrary code on affected installations. Although authentication is required to exploit this issue, the existing authentication mechanism can be...

PT-2022-23724 · Ivanti · Ivanti Avalanche

Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche version 6.3.2.3490 Description: This issue allows remote attackers to bypass authentication on affected installations. Although authentication is required to exploit this issue, the existing authentication mechanism can be...