CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-8902

An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. The impacted products used a single shared key encryption model to encrypt data. A user with access to system databases can use the discovered key to access potentially confidential stored data, which may include Wi-Fi passwords. This discovered key can be used for all instances of the product.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 41.3%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.0

References

Products affected by CVE-2018-8902

Ivanti » Avalanche » Version: 5.3

cpe:2.3:a:ivanti:avalanche:5.3
Ivanti » Avalanche » Version: 5.3.1

cpe:2.3:a:ivanti:avalanche:5.3.1
Ivanti » Avalanche » Version: 6.0

cpe:2.3:a:ivanti:avalanche:6.0
Ivanti » Avalanche » Version: 6.1

cpe:2.3:a:ivanti:avalanche:6.1
Ivanti » Avalanche » Version: 6.1.103.53

cpe:2.3:a:ivanti:avalanche:6.1.103.53
Ivanti » Avalanche » Version: 6.1.106.337

cpe:2.3:a:ivanti:avalanche:6.1.106.337
Ivanti » Avalanche » Version: 6.1.106.496

cpe:2.3:a:ivanti:avalanche:6.1.106.496
Ivanti » Avalanche » Version: 6.2

cpe:2.3:a:ivanti:avalanche:6.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-8902

Products

Pricing

Contact Us