Ivanti: >> Avalanche >> 6.4.0 Security Vulnerabilities
A previously generated artifact by an administrator could be accessed by an attacker. The contents of this artifact could lead to authentication bypass. Fixed in version 6.4.1.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-08-10
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Fixed in version 6.4.1.
CVSS Score
6.8
EPSS Score
0.273
Published
2023-08-10
An unauthenticated attacker could achieve the code execution through a RemoteControl server.
CVSS Score
8.8
EPSS Score
0.925
Published
2023-08-10
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution.
CVSS Score
6.8
EPSS Score
0.273
Published
2023-08-10
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1.
CVSS Score
6.3
EPSS Score
0.004
Published
2023-08-10
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1.
CVSS Score
6.3
EPSS Score
0.004
Published
2023-08-10
Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1.236
CVSS Score
6.5
EPSS Score
0.004
Published
2023-08-10
Page 5