Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

20 matches found

Prion
Prionadded 2023/11/03 8:15 p.m.21 views

Unrestricted file upload

Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability...

4.3CVSS6.9AI score0.00101EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2023/11/03 6:13 p.m.17 views

CVE-2023-41725

Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability...

7.8CVSS7.8AI score0.00101EPSS
Exploits0References1
CVE
CVEadded 2023/11/03 6:13 p.m.45 views

CVE-2023-41725

Ivanti Avalanche EnterpriseServer Service contains an Unrestricted File Upload vulnerability in the saveConfig method that allows a low-privileged attacker who can run code locally to write arbitrary files and escalate to SYSTEM. Exploitation details are provided by ZDI: the flaw enables privileg...

7.8CVSS7.6AI score0.00101EPSS
Exploits0References1Affected Software1
CNNVD
CNNVDadded 2023/11/03 12:0 a.m.1 views

Ivanti Avalanche security breach

Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets, and barcode scanners. A security vulnerability exists in Ivanti Avalanche, which is caused by an Unrestricted File Upload Local Privileg...

7.8CVSS6.8AI score0.00101EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2023/05/30 12:0 a.m.2 views

PT-2023-8010 · Ivanti · Ivanti Avalanche Enterpriseserver Service

Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche EnterpriseServer Service affected versions not specified Description: The issue is related to an unrestricted file upload vulnerability in the Ivanti Avalanche EnterpriseServer Service, which can be exploited to elevate...

7.8CVSS7.7AI score0.00101EPSS
Exploits0References7
Zero Day Initiative
Zero Day Initiativeadded 2023/04/24 12:0 a.m.21 views

Ivanti Avalanche EnterpriseServer GetSettings Exposed Dangerous Method Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the GetSettings class. The...

8.8CVSS6.7AI score0.01876EPSS
Exploits0References1
OSV
OSVadded 2023/03/29 7:15 p.m.0 views

CVE-2022-36980

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

8.1CVSS5.8AI score0.15273EPSS
Exploits0References2
NVD
NVDadded 2023/03/29 7:15 p.m.9 views

CVE-2022-36980

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

9.4CVSS8.5AI score0.15273EPSS
Exploits0References2
Prion
Prionadded 2023/03/29 7:15 p.m.21 views

Authentication flaw

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

5.1CVSS8.1AI score0.15273EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichmentadded 2023/03/29 12:0 a.m.6 views

CVE-2022-36980

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

9.4CVSS8.2AI score0.15273EPSS
Exploits0References2
Cvelist
Cvelistadded 2023/03/29 12:0 a.m.11 views

CVE-2022-36980

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

9.4CVSS8.4AI score0.15273EPSS
Exploits0References2
CVE
CVEadded 2023/03/29 12:0 a.m.66 views

CVE-2022-36980

CVE-2022-36980 affects Ivanti Avalanche 6.3.2.3490. The vulnerability is an authentication bypass in the EnterpriseServer service caused by lack of proper locking during authentication, enabling remote attackers to bypass authentication. Connected sources identify ZDI-22-785 and related advisorie...

9.4CVSS8.5AI score0.15273EPSS
Exploits0References2Affected Software1
Check Point Advisories
Check Point Advisoriesadded 2022/11/17 12:0 a.m.3 views

Ivanti Avalanche Enterprise Service SQL Injection (CVE-2021-42131)

An SQL injection vulnerability exists in the Ivanti Avalanche EnterpriseServer service. The vulnerability is due to insufficient validation of data sent to the EnterpriseServer service...

6.5CVSS3.2AI score0.27264EPSS
Exploits0
Zero Day Initiative
Zero Day Initiativeadded 2022/05/26 12:0 a.m.21 views

Ivanti Avalanche EnterpriseServer Service Race Condition Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the EnterpriseServer service...

9.4CVSS1.5AI score0.15273EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2022/05/26 12:0 a.m.1 views

PT-2022-23724 · Ivanti · Ivanti Avalanche

Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche version 6.3.2.3490 Description: This issue allows remote attackers to bypass authentication on affected installations. Although authentication is required to exploit this issue, the existing authentication mechanism can be...

9.4CVSS8.9AI score0.15273EPSS
Exploits0References4
Zero Day Initiative
Zero Day Initiativeadded 2022/05/26 12:0 a.m.29 views

Ivanti Avalanche EnterpriseServer Service SQL Injection Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AvalancheDaoSupport clas...

7.5CVSS2.3AI score0.30906EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiativeadded 2022/05/26 12:0 a.m.21 views

Ivanti Avalanche EnterpriseServer Service SQL Injection Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. The specific flaw exists within the GroupDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this...

9.1CVSS3.3AI score0.30906EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiativeadded 2021/11/19 12:0 a.m.18 views

Ivanti Avalanche EnterpriseServer Service Exposed Dangerous Function Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetUser class. The issue results from the lack of authentication prior to allowing...

7.5CVSS9.1AI score0.16888EPSS
Exploits0
Zero Day Initiative
Zero Day Initiativeadded 2021/11/18 12:0 a.m.16 views

Ivanti Avalanche EnterpriseServer Service SQL Injection Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SettingsDaoImpl class. A...

9.1CVSS8.8AI score0.27264EPSS
Exploits0
NVD
NVDadded 2007/01/23 12:28 a.m.10 views

CVE-2007-0424

Unspecified vulnerability in the BEA WebLogic Server proxy plug-in for Netscape Enterprise Server before September 2006 for Netscape Enterprise Server allow remote attackers to cause a denial of service via certain requests that trigger errors that lead to a server being marked as unavailable,...

5CVSS6.7AI score0.00952EPSS
Exploits0References6
Rows per page
Query Builder