Shodan
Vulnerabilities
Vulnerable Software
Ivanti:  >> Avalanche  >> 6.4.2  Security Vulnerabilities
CVE-2024-47011
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information
CVSS Score
7.5
EPSS Score
0.07
Published
2024-10-08
CVE-2024-47007
A NULL pointer dereference in WLAvalancheService.exe of Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to cause a denial of service.
CVSS Score
7.5
EPSS Score
0.039
Published
2024-10-08
CVE-2024-47008
Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information.
CVSS Score
7.5
EPSS Score
0.07
Published
2024-10-08
CVE-2024-47009
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.
CVSS Score
7.3
EPSS Score
0.078
Published
2024-10-08
CVE-2024-38652
Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion.
CVSS Score
8.2
EPSS Score
0.02
Published
2024-08-14
CVE-2024-38653
XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server.
CVSS Score
8.2
EPSS Score
0.873
Published
2024-08-14
CVE-2024-36136
An off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.
CVSS Score
7.5
EPSS Score
0.01
Published
2024-08-14
CVE-2024-37373
Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE.
CVSS Score
7.2
EPSS Score
0.026
Published
2024-08-14
CVE-2024-37399
A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.
CVSS Score
7.5
EPSS Score
0.016
Published
2024-08-14
CVE-2024-29848
An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM.
CVSS Score
7.2
EPSS Score
0.052
Published
2024-05-31


Products
Pricing
Contact Us

Shodan ® - All rights reserved