Shodan
Vulnerabilities
Vulnerable Software
Ivanti:  >> Avalanche  >> 5.3  Security Vulnerabilities
CVE-2024-22061
A Heap Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands
CVSS Score
8.1
EPSS Score
0.028
Published
2024-04-19
CVE-2023-46262
An unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server.
CVSS Score
7.5
EPSS Score
0.502
Published
2023-12-19
CVE-2023-46265
An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF).
CVSS Score
6.5
EPSS Score
0.017
Published
2023-12-19
CVE-2023-32560
An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1.
CVSS Score
8.8
EPSS Score
0.919
Published
2023-08-10
CVE-2023-32561
A previously generated artifact by an administrator could be accessed by an attacker. The contents of this artifact could lead to authentication bypass. Fixed in version 6.4.1.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-08-10
CVE-2023-32562
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Fixed in version 6.4.1.
CVSS Score
6.8
EPSS Score
0.273
Published
2023-08-10
CVE-2023-32563
An unauthenticated attacker could achieve the code execution through a RemoteControl server.
CVSS Score
8.8
EPSS Score
0.929
Published
2023-08-10
CVE-2023-32564
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution.
CVSS Score
6.8
EPSS Score
0.273
Published
2023-08-10
CVE-2023-32565
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1.
CVSS Score
6.3
EPSS Score
0.003
Published
2023-08-10
CVE-2023-32566
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1.
CVSS Score
6.3
EPSS Score
0.003
Published
2023-08-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved