CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-8901

An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. A local user with database access privileges can read the encrypted passwords for users who authenticate via LDAP to Avalanche services. These passwords are stored in the Avalanche databases. This issue only affects customers who have enabled LDAP authentication in their configuration.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 35.9%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 2.1

References

Products affected by CVE-2018-8901

Ivanti » Avalanche » Version: 5.3

cpe:2.3:a:ivanti:avalanche:5.3
Ivanti » Avalanche » Version: 5.3.1

cpe:2.3:a:ivanti:avalanche:5.3.1
Ivanti » Avalanche » Version: 6.0

cpe:2.3:a:ivanti:avalanche:6.0
Ivanti » Avalanche » Version: 6.1

cpe:2.3:a:ivanti:avalanche:6.1
Ivanti » Avalanche » Version: 6.1.103.53

cpe:2.3:a:ivanti:avalanche:6.1.103.53
Ivanti » Avalanche » Version: 6.1.106.337

cpe:2.3:a:ivanti:avalanche:6.1.106.337
Ivanti » Avalanche » Version: 6.1.106.496

cpe:2.3:a:ivanti:avalanche:6.1.106.496
Ivanti » Avalanche » Version: 6.2

cpe:2.3:a:ivanti:avalanche:6.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-8901

Products

Pricing

Contact Us