Ivanti: >> Avalanche >> 6.4.0 Security Vulnerabilities
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
CVSS Score
5.3
EPSS Score
0.067
Published
2024-04-19
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
CVSS Score
5.3
EPSS Score
0.024
Published
2024-04-19
An Integer Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to perform denial of service attacks. In certain rare conditions this could also lead to reading content from memory.
CVSS Score
7.5
EPSS Score
0.05
Published
2024-04-19
An out-of-bounds Read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. In certain conditions this could also lead to remote code execution.
CVSS Score
7.5
EPSS Score
0.325
Published
2024-04-19
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an authenticated remote attacker to read sensitive information in memory.
CVSS Score
4.3
EPSS Score
0.029
Published
2024-04-19
A Heap Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands
CVSS Score
8.1
EPSS Score
0.036
Published
2024-04-19
An unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server.
CVSS Score
7.5
EPSS Score
0.38
Published
2023-12-19
An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF).
CVSS Score
6.5
EPSS Score
0.013
Published
2023-12-19
An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution.
Thanks to a Researcher at Tenable for finding and reporting.
Fixed in version 6.4.1.
CVSS Score
8.8
EPSS Score
0.923
Published
2023-08-10
A previously generated artifact by an administrator could be accessed by an attacker. The contents of this artifact could lead to authentication bypass. Fixed in version 6.4.1.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-08-10