
7 matches found

VulnCheck KEV
added 2024/12/12 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2024-38653

XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server...

8.2 CVSS · 5.9 AI score · 0.91984 EPSS
Exploits 1 · References 1

BDU FSTEC
added 2024/11/26 12:0 a.m. · 4 views

The vulnerability of the SmartDeviceServer component in the Ivanti Avalanche mobile device management system allows a hacker to disclose protected information.

The vulnerability of the SmartDeviceServer component in the Ivanti Avalanche mobile device management system is related to an incorrect limitation on XML references to external objects. Exploiting this vulnerability can allow a malicious actor to disclose protected information...

8.5 CVSS · 7.4 AI score · 0.91984 EPSS
Exploits 1 · References 4 · Affected Software 1

Tenable Nessus
added 2024/08/23 12:0 a.m. · 27 views

Ivanti Avalanche < 6.4.4 Multiple Vulnerabilities

The version of Ivanti Avalanche running on the remote host is prior to 6.4.4. It is, therefore, affected by multiple vulnerabilities: - An off-by-one error in WLInfoRailService allows a remote unauthenticated attacker to crash the service. CVE-2024-36136 - Improper input validation in the...

9.1 CVSS · 7.9 AI score · 0.91984 EPSS
Exploits 1 · References 6

OSV
added 2024/08/14 3:15 a.m. · 2 views

CVE-2024-38653

XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server...

7.5 CVSS · 5.9 AI score · 0.91984 EPSS
Exploits 1 · References 1

NVD
added 2024/08/14 3:15 a.m. · 35 views

CVE-2024-38653

XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server...

8.2 CVSS · 0.91984 EPSS
Exploits 1 · References 1

CVE
added 2024/08/14 2:38 a.m. · 81 views

CVE-2024-38653

CVE-2024-38653 (Ivanti Avalanche 6.3.1, SmartDeviceServer) exposes an XML External Entity (XXE) flaw that allows a remote unauthenticated attacker to read arbitrary files on the server. Root cause: XXE in SmartDeviceServer. Impact: confidential data exposure; no integrity/availability impact expl...

8.2 CVSS · 7.1 AI score · 0.91984 EPSS
In wild · Exploits 1 · References 1 · Affected Software 1

Positive Technologies
added 2024/08/13 12:0 a.m. · 4 views

PT-2024-8675 · Ivanti · Ivanti Avalanche

Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche version 6.3.1. Description: The issue is related to an XML External Entity (XXE) flaw in the SmartDeviceServer component of Ivanti Avalanche. This flaw allows a remote unauthenticated attacker to read arbitrary files on the...

9.1 CVSS · 7.3 AI score · 0.91984 EPSS
Exploits 1 · References 29