VulnCheck KEV: CVE-2024-38653

XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server...

Ivanti Avalanche < 6.4.4 Multiple Vulnerabilities

The version of Ivanti Avalanche running on the remote host is prior to 6.4.4. It is, therefore, is affected by multiple vulnerabilities : - An off-by-one error in WLInfoRailService allows a remote unauthenticated attacker to crash the service. CVE-2024-36136 - Improper input validation in the...

CVE-2024-38653

XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server...

CVE-2024-38653

XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server...

CVE-2024-38653

CVE-2024-38653 (Ivanti Avalanche 6.3.1, SmartDeviceServer) exposes an XML External Entity (XXE) flaw that allows a remote unauthenticated attacker to read arbitrary files on the server. Root cause: XXE in SmartDeviceServer. Impact: confidential data exposure; no integrity/availability impact expl...

PT-2024-8675 · Ivanti · Ivanti Avalanche

Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche version 6.3.1 Description: The issue is related to an XML External Entity XXE flaw in the SmartDeviceServer component of Ivanti Avalanche. This flaw allows a remote unauthenticated attacker to read arbitrary files on the...