Shodan
Vulnerabilities
Vulnerable Software
Ivanti:  >> Avalanche  >> 6.3.4.153  Security Vulnerabilities
CVE-2024-23527
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
CVSS Score
5.3
EPSS Score
0.067
Published
2024-04-25
CVE-2024-27975
An Use-after-free vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
CVSS Score
8.8
EPSS Score
0.091
Published
2024-04-19
CVE-2024-27976
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
CVSS Score
8.8
EPSS Score
0.172
Published
2024-04-19
CVE-2024-27977
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete arbitrary files, thereby leading to Denial-of-Service.
CVSS Score
7.1
EPSS Score
0.075
Published
2024-04-19
CVE-2024-27978
A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks.
CVSS Score
6.5
EPSS Score
0.028
Published
2024-04-19
CVE-2024-27984
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete specific type of files and/or cause denial of service.
CVSS Score
7.1
EPSS Score
0.023
Published
2024-04-19
CVE-2024-29204
A Heap Overflow vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands
CVSS Score
9.8
EPSS Score
0.046
Published
2024-04-19
CVE-2024-24995
A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
CVSS Score
8.8
EPSS Score
0.075
Published
2024-04-19
CVE-2024-24996
A Heap overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to execute arbitrary commands.
CVSS Score
9.8
EPSS Score
0.062
Published
2024-04-19
CVE-2024-24997
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
CVSS Score
8.8
EPSS Score
0.172
Published
2024-04-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved