CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-38652

Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.02

EPSS Ranking 82.8%

CVSS Severity

CVSS v3 Score 8.2

References

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-6-4-4-CVE-2024-38652-CVE-2024-38653-CVE-2024-36136-CVE-2024-37399-CVE-2024-37373

Products affected by CVE-2024-38652

Ivanti » Avalanche » Version: 6.3.1

cpe:2.3:a:ivanti:avalanche:6.3.1
Ivanti » Avalanche » Version: 6.3.1.1507

cpe:2.3:a:ivanti:avalanche:6.3.1.1507
Ivanti » Avalanche » Version: 6.3.2

cpe:2.3:a:ivanti:avalanche:6.3.2
Ivanti » Avalanche » Version: 6.3.2.3490

cpe:2.3:a:ivanti:avalanche:6.3.2.3490
Ivanti » Avalanche » Version: 6.3.3

cpe:2.3:a:ivanti:avalanche:6.3.3
Ivanti » Avalanche » Version: 6.3.3.101

cpe:2.3:a:ivanti:avalanche:6.3.3.101
Ivanti » Avalanche » Version: 6.3.4

cpe:2.3:a:ivanti:avalanche:6.3.4
Ivanti » Avalanche » Version: 6.3.4.153

cpe:2.3:a:ivanti:avalanche:6.3.4.153
Ivanti » Avalanche » Version: 6.4.0

cpe:2.3:a:ivanti:avalanche:6.4.0
Ivanti » Avalanche » Version: 6.4.1

cpe:2.3:a:ivanti:avalanche:6.4.1
Ivanti » Avalanche » Version: 6.4.1.207

cpe:2.3:a:ivanti:avalanche:6.4.1.207
Ivanti » Avalanche » Version: 6.4.1.236

cpe:2.3:a:ivanti:avalanche:6.4.1.236
Ivanti » Avalanche » Version: 6.4.2

cpe:2.3:a:ivanti:avalanche:6.4.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-38652

Products

Pricing

Contact Us