Avalanche Security Vulnerabilities and Issues — Avalanche CVE List

Lucene search

IvantiAvalanche

5 matches found

CVE•added 2024/01/25 8:15 p.m.•56 views

CVE-2023-41474

Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated attacker to obtain sensitive information via the javax.faces.resource component.

6.5CVSS5.9AI score0.66557EPSS

CVE•added 2024/04/19 2:15 a.m.•51 views

CVE-2024-23533

An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an authenticated remote attacker to read sensitive information in memory.

6.5CVSS4.3AI score0.00998EPSS

CVE•added 2024/04/19 2:15 a.m.•49 views

CVE-2024-24991

A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks.

6.5CVSS6.3AI score0.02835EPSS

CVE•added 2024/04/19 2:15 a.m.•47 views

CVE-2024-27978

A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks.

6.5CVSS6.3AI score0.01759EPSS

CVE•added 2018/06/29 3:29 p.m.•34 views

CVE-2018-8902

An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. The impacted products used a single shared key encryption model to encrypt data. A user with access to system databases can use the discovered key to access potentially confidential stored data, which may include Wi-F...

6.5CVSS6.3AI score0.00187EPSS