Avalanche Security Vulnerabilities and Issues — Avalanche CVE List

Lucene search

IvantiAvalanche

6 matches found

CVE•added 2025/01/14 5:15 p.m.•40 views

CVE-2024-13180

Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information. This CVE addresses incomplete fixes from CVE-2024-47011.

7.5CVSS6.9AI score0.14651EPSS

CVE•added 2025/01/14 5:15 p.m.•37 views

CVE-2024-13179

Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication.

9.8CVSS7.1AI score0.14315EPSS

CVE•added 2025/01/14 5:15 p.m.•37 views

CVE-2024-13181

Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. This CVE addresses incomplete fixes from CVE-2024-47010.

9.8CVSS7.1AI score0.27248EPSS

CVE•added 2025/07/12 4:15 a.m.•20 views

CVE-2023-38036

A security vulnerability within Ivanti Avalanche Manager before version 6.4.1 may allow an unauthenticated attacker to create a buffer overflow that could result in service disruption or arbitrary code execution.

9.8CVSS7.9AI score0.01085EPSS

CVE•added 2025/08/12 3:15 p.m.•8 views

CVE-2025-8296

SQL injection in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to execute arbitrary SQL queries. In certain conditions, this can also lead to remote code execution

7.2CVSS8.9AI score0.01026EPSS

CVE•added 2025/08/12 3:15 p.m.•8 views

CVE-2025-8297

Incomplete restriction of configuration in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to achieve remote code execution

7.2CVSS7.8AI score0.01026EPSS