Avalanche@6.3.1.1507 Security Vulnerabilities and Issues — Avalanche@6.3.1.1507 CVE List

Lucene search

IvantiAvalanche6.3.1.1507

5 matches found

CVE•added 2024/08/14 3:15 a.m.•64 views

CVE-2024-38652

Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion.

9.1CVSS7.3AI score0.02882EPSS

CVE•added 2024/08/14 3:15 a.m.•58 views

CVE-2024-38653

XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server.

8.2CVSS7.1AI score0.86261EPSS

CVE•added 2024/08/14 3:15 a.m.•49 views

CVE-2024-37373

Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE.

7.2CVSS6.7AI score0.02773EPSS

CVE•added 2024/08/14 3:15 a.m.•47 views

CVE-2024-36136

An off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.

7.5CVSS7.1AI score0.01402EPSS

CVE•added 2024/08/14 3:15 a.m.•44 views

CVE-2024-37399

A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.

7.5CVSS7.1AI score0.02218EPSS