Lucene search

IvantiAvalanche6.3.2

6 matches found

CVE
added 2022/04/06 2:15 a.m., 79 views

CVE-2021-30497

Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is not verified to be within the scope of the image folder, e.g., the attacker can obtain sensitive inf...

CVSS 7.5, AI score 7.3, EPSS 0.93198

CVE
added 2024/08/14 3:15 a.m., 64 views

CVE-2024-38652

Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion.

CVSS 9.1, AI score 7.3, EPSS 0.02882

CVE
added 2024/08/14 3:15 a.m., 58 views

CVE-2024-38653

XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server.

CVSS 8.2, AI score 7.1, EPSS 0.86261

CVE
added 2024/08/14 3:15 a.m., 49 views

CVE-2024-37373

Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE.

CVSS 7.2, AI score 6.7, EPSS 0.02773

CVE
added 2024/08/14 3:15 a.m., 47 views

CVE-2024-36136

An off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.

CVSS 7.5, AI score 7.1, EPSS 0.01402

CVE
added 2024/08/14 3:15 a.m., 44 views

CVE-2024-37399

A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.

CVSS 7.5, AI score 7.1, EPSS 0.02218