An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.
9.1CVSS
9AI Score
0.006EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the JwtTokenUtilit...
8.8CVSS
9.3AI Score
0.032EPSS
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can levera...
9.8CVSS
9.6AI Score
0.093EPSS
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ProfileDaoImpl ...
8.8CVSS
9.1AI Score
0.093EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Web File Serve...
9.8CVSS
9.8AI Score
0.144EPSS
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can levera...
9.8CVSS
9.6AI Score
0.093EPSS
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the GroupDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage...
9.8CVSS
9.6AI Score
0.093EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Certificate Ma...
9.8CVSS
9.8AI Score
0.177EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Notification S...
9.8CVSS
9.8AI Score
0.177EPSS
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AvalancheDaoSup...
9.8CVSS
8.3AI Score
0.093EPSS
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the EnterpriseServe...
8.1CVSS
8.5AI Score
0.007EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.3.101. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DeviceLogResour...
9.8CVSS
9.3AI Score
0.096EPSS
This vulnerability allows remote attackers to read arbitrary files on affected installations of Ivanti Avalanche 6.3.3.101. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AgentTaskHandler ...
7.5CVSS
6.5AI Score
0.012EPSS
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetSettings class. The issue results from the lack of authentication prior to allowing...
9.8CVSS
8.2AI Score
0.007EPSS
Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability
7.8CVSS
7.6AI Score
0.002EPSS
Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability
7.8CVSS
7.6AI Score
0.002EPSS
An improper authentication vulnerability exists in Avalanche version 6.3.x and below allows unauthenticated attacker to modify properties on specific port.
7.5CVSS
7.6AI Score
0.01EPSS
An improper authentication vulnerability exists in Avalanche Premise versions 6.3.x and below that could allow an attacker to gain access to the server by registering to receive messages from the server and perform an authentication bypass.
5.9CVSS
5.9AI Score
0.018EPSS
An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to gain access by exploiting the SetUser method or can exploit the Race Condition in the authentication message.
5.9CVSS
6AI Score
0.025EPSS
A path traversal vulnerability exists in Avalanche version 6.3.x and below that when exploited could result in possible information disclosure.
7.5CVSS
7.2AI Score
0.006EPSS
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution.
7.2CVSS
7AI Score
0.13EPSS
An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1.
9.8CVSS
9.2AI Score
0.692EPSS
A previously generated artifact by an administrator could be accessed by an attacker. The contents of this artifact could lead to authentication bypass. Fixed in version 6.4.1.
7.5CVSS
7.1AI Score
0.007EPSS
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Fixed in version 6.4.1.
9.8CVSS
6.8AI Score
0.01EPSS
An unauthenticated attacker could achieve the code execution through a RemoteControl server.
9.8CVSS
8.9AI Score
0.359EPSS
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution.
9.8CVSS
6.7AI Score
0.01EPSS
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1.
9.1CVSS
6.2AI Score
0.008EPSS
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1.
9.1CVSS
6.5AI Score
0.008EPSS
Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1.236
9.8CVSS
6.5AI Score
0.014EPSS
Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability
7.8CVSS
7.6AI Score
0.003EPSS
Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability
7.8CVSS
7.6AI Score
0.002EPSS
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
9.8CVSS
9.6AI Score
0.001EPSS
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
9.8CVSS
9.6AI Score
0.001EPSS
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
9.8CVSS
9.6AI Score
0.001EPSS
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
9.8CVSS
9.6AI Score
0.009EPSS
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
9.8CVSS
9.6AI Score
0.009EPSS
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
9.8CVSS
9.6AI Score
0.009EPSS
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
9.8CVSS
9.6AI Score
0.008EPSS
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
9.8CVSS
9.6AI Score
0.009EPSS
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
9.8CVSS
9.6AI Score
0.009EPSS
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
9.8CVSS
9.6AI Score
0.009EPSS
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
9.8CVSS
9.6AI Score
0.009EPSS
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
9.8CVSS
9.6AI Score
0.009EPSS
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
9.8CVSS
7.8AI Score
0.009EPSS
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
9.8CVSS
9.6AI Score
0.009EPSS
An unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server.
7.5CVSS
7.6AI Score
0.01EPSS
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution.
9.8CVSS
7.2AI Score
0.004EPSS
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution.
9.8CVSS
7.1AI Score
0.012EPSS
An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF).
9.8CVSS
6.4AI Score
0.011EPSS
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.
9.1CVSS
7.1AI Score
0.006EPSS