Ivanti: >> Avalanche >> 6.4.6 Security Vulnerabilities
SQL injection in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to execute arbitrary SQL queries. In certain conditions, this can also lead to remote code execution
CVSS Score
7.2
EPSS Score
0.004
Published
2025-08-12
Incomplete restriction of configuration in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to achieve remote code execution
CVSS Score
7.2
EPSS Score
0.011
Published
2025-08-12
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication.
CVSS Score
7.3
EPSS Score
0.143
Published
2025-01-14
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information. This CVE addresses incomplete fixes from CVE-2024-47011.
CVSS Score
7.5
EPSS Score
0.055
Published
2025-01-14