Ivanti: >> Avalanche >> 6.3.4 Security Vulnerabilities
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.
CVSS Score
7.3
EPSS Score
0.272
Published
2024-10-08
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information
CVSS Score
7.5
EPSS Score
0.147
Published
2024-10-08
A NULL pointer dereference in WLAvalancheService.exe of Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to cause a denial of service.
CVSS Score
7.5
EPSS Score
0.061
Published
2024-10-08
Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information.
CVSS Score
7.5
EPSS Score
0.136
Published
2024-10-08
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.
CVSS Score
7.3
EPSS Score
0.173
Published
2024-10-08
Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion.
CVSS Score
8.2
EPSS Score
0.029
Published
2024-08-14
XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server.
CVSS Score
8.2
EPSS Score
0.863
Published
2024-08-14
An off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.
CVSS Score
7.5
EPSS Score
0.014
Published
2024-08-14
Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE.
CVSS Score
7.2
EPSS Score
0.028
Published
2024-08-14
A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.
CVSS Score
7.5
EPSS Score
0.022
Published
2024-08-14