Shodan
Vulnerabilities
Vulnerable Software
Ivanti:  >> Avalanche  >> 6.1.103.53  Security Vulnerabilities
CVE-2024-47011
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information
CVSS Score
7.5
EPSS Score
0.095
Published
2024-10-08
CVE-2024-47007
A NULL pointer dereference in WLAvalancheService.exe of Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to cause a denial of service.
CVSS Score
7.5
EPSS Score
0.05
Published
2024-10-08
CVE-2024-47008
Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information.
CVSS Score
7.5
EPSS Score
0.088
Published
2024-10-08
CVE-2024-47009
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.
CVSS Score
7.3
EPSS Score
0.135
Published
2024-10-08
CVE-2024-29848
An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM.
CVSS Score
7.2
EPSS Score
0.052
Published
2024-05-31
CVE-2024-23527
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
CVSS Score
5.3
EPSS Score
0.014
Published
2024-04-25
CVE-2024-27975
An Use-after-free vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
CVSS Score
8.8
EPSS Score
0.015
Published
2024-04-19
CVE-2024-27976
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
CVSS Score
8.8
EPSS Score
0.028
Published
2024-04-19
CVE-2024-27977
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete arbitrary files, thereby leading to Denial-of-Service.
CVSS Score
7.1
EPSS Score
0.03
Published
2024-04-19
CVE-2024-27978
A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks.
CVSS Score
6.5
EPSS Score
0.018
Published
2024-04-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved