Shodan
Vulnerabilities
Vulnerable Software
Ivanti:  >> Avalanche  Security Vulnerabilities
CVE-2024-24993
A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
CVSS Score
8.8
EPSS Score
0.014
Published
2024-04-19
CVE-2024-24994
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
CVSS Score
8.8
EPSS Score
0.42
Published
2024-04-19
CVE-2024-23526
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
CVSS Score
5.3
EPSS Score
0.022
Published
2024-04-19
CVE-2024-23528
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
CVSS Score
5.3
EPSS Score
0.022
Published
2024-04-19
CVE-2024-23529
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
CVSS Score
5.3
EPSS Score
0.022
Published
2024-04-19
CVE-2024-23530
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
CVSS Score
5.3
EPSS Score
0.013
Published
2024-04-19
CVE-2024-23531
An Integer Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to perform denial of service attacks. In certain rare conditions this could also lead to reading content from memory.
CVSS Score
7.5
EPSS Score
0.034
Published
2024-04-19
CVE-2024-23532
An out-of-bounds Read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. In certain conditions this could also lead to remote code execution.
CVSS Score
7.5
EPSS Score
0.166
Published
2024-04-19
CVE-2024-23533
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an authenticated remote attacker to read sensitive information in memory.
CVSS Score
4.3
EPSS Score
0.014
Published
2024-04-19
CVE-2024-22061
A Heap Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands
CVSS Score
8.1
EPSS Score
0.071
Published
2024-04-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved