2 matches found
CVE-2024-24992
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM...
CVE-2024-24992
Ivanti Avalanche pre-6.4.3 has a Path Traversal in the web component that allows an authenticated remote attacker to execute arbitrary commands as SYSTEM. Root cause stated in connected sources as improper validation of a user-supplied path (notably via getAdhocFilePath) leading to traversal into...