Avalanche Security Vulnerabilities and Issues — Avalanche CVE List

Lucene search

IvantiAvalanche

14 matches found

CVE•added 2023/03/29 7:15 p.m.•62 views

CVE-2022-36983

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetSettings class. The issue results from the lack of authentication prior to allowing...

9.8CVSS8.2AI score0.00895EPSS

CVE•added 2023/03/29 7:15 p.m.•53 views

CVE-2022-36980

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the EnterpriseServe...

9.4CVSS8.5AI score0.0258EPSS

CVE•added 2023/03/10 10:15 p.m.•45 views

CVE-2022-44574

An improper authentication vulnerability exists in Avalanche version 6.3.x and below allows unauthenticated attacker to modify properties on specific port.

7.5CVSS7.6AI score0.49696EPSS

CVE•added 2023/03/29 7:15 p.m.•43 views

CVE-2022-36971

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the JwtTokenUtilit...

9.8CVSS9.3AI score0.194EPSS

CVE•added 2023/03/29 7:15 p.m.•42 views

CVE-2022-36977

9.8CVSS9.8AI score0.07933EPSS

CVE•added 2023/03/29 7:15 p.m.•40 views

CVE-2022-36978

9.8CVSS9.8AI score0.23434EPSS

CVE•added 2023/03/29 7:15 p.m.•39 views

CVE-2022-36972

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can levera...

9.8CVSS9.6AI score0.02067EPSS

CVE•added 2023/03/29 7:15 p.m.•39 views

CVE-2022-36973

9.1CVSS9.1AI score0.01933EPSS

CVE•added 2023/03/29 7:15 p.m.•36 views

CVE-2022-36974

9.8CVSS9.8AI score0.18864EPSS

CVE•added 2023/03/29 7:15 p.m.•36 views

CVE-2022-36976

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the GroupDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage...

9.8CVSS9.6AI score0.02129EPSS

CVE•added 2023/03/29 7:15 p.m.•34 views

CVE-2022-36981

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.3.101. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DeviceLogResour...

9.8CVSS9.3AI score0.31595EPSS

CVE•added 2023/03/29 7:15 p.m.•33 views

CVE-2022-36975

9.8CVSS9.6AI score0.02067EPSS

CVE•added 2023/03/29 7:15 p.m.•33 views

CVE-2022-36982

This vulnerability allows remote attackers to read arbitrary files on affected installations of Ivanti Avalanche 6.3.3.101. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AgentTaskHandler ...

7.5CVSS6.5AI score0.00846EPSS

CVE•added 2023/03/29 7:15 p.m.•30 views

CVE-2022-36979

9.8CVSS8.3AI score0.0185EPSS