CVE-2023-41474

Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated attacker to obtain sensitive information via the javax.faces.resource component...

PT-2024-1727 · Ivanti · Ivanti Avalanche

Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche version 6.3.4.153 Description: The issue is related to a Directory Traversal vulnerability in the javax.faces.resource component, which can be exploited by a remote authenticated attacker to obtain sensitive information. This...

Ivanti Avalanche security breach

Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A security vulnerability exists in Ivanti Avalanche version 6.3.4.153 that originates from a vulnerability that cou...

CVE-2023-41474

CVE-2023-41474 – Ivanti Avalanche 6.3.4.153 : A directory traversal vulnerability exists in the javax.faces.resource component. An authenticated remote attacker can obtain sensitive information due to improper access-control in resource path handling. From the documents, the CVSS v3.1 base score ...

CVE-2023-41474

Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated attacker to obtain sensitive information via the javax.faces.resource component...