Shodan
Vulnerabilities
Vulnerable Software
Ivanti:  >> Avalanche  >> 6.0  Security Vulnerabilities
CVE-2024-23533
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an authenticated remote attacker to read sensitive information in memory.
CVSS Score
4.3
EPSS Score
0.01
Published
2024-04-19
CVE-2024-22061
A Heap Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands
CVSS Score
8.1
EPSS Score
0.028
Published
2024-04-19
CVE-2023-46804
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS).
CVSS Score
7.5
EPSS Score
0.006
Published
2023-12-19
CVE-2023-46261
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
CVSS Score
9.8
EPSS Score
0.019
Published
2023-12-19
CVE-2023-46262
An unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server.
CVSS Score
7.5
EPSS Score
0.502
Published
2023-12-19
CVE-2023-46263
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution.
CVSS Score
7.2
EPSS Score
0.788
Published
2023-12-19
CVE-2023-46264
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution.
CVSS Score
7.2
EPSS Score
0.651
Published
2023-12-19
CVE-2023-46265
An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF).
CVSS Score
6.5
EPSS Score
0.017
Published
2023-12-19
CVE-2023-46266
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.
CVSS Score
7.3
EPSS Score
0.009
Published
2023-12-19
CVE-2023-46803
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS).
CVSS Score
7.5
EPSS Score
0.006
Published
2023-12-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved