Shodan
Vulnerabilities
Vulnerable Software
Ivanti:  >> Avalanche  >> 6.4.0  Security Vulnerabilities
CVE-2024-13179
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication.
CVSS Score
7.3
EPSS Score
0.031
Published
2025-01-14
CVE-2024-13180
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information. This CVE addresses incomplete fixes from CVE-2024-47011.
CVSS Score
7.5
EPSS Score
0.028
Published
2025-01-14
CVE-2024-13181
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. This CVE addresses incomplete fixes from CVE-2024-47010.
CVSS Score
7.3
EPSS Score
0.036
Published
2025-01-14
CVE-2024-38652
Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion.
CVSS Score
8.2
EPSS Score
0.02
Published
2024-08-14
CVE-2024-38653
XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server.
CVSS Score
8.2
EPSS Score
0.873
Published
2024-08-14
CVE-2024-36136
An off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.
CVSS Score
7.5
EPSS Score
0.01
Published
2024-08-14
CVE-2024-37373
Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE.
CVSS Score
7.2
EPSS Score
0.026
Published
2024-08-14
CVE-2024-37399
A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.
CVSS Score
7.5
EPSS Score
0.016
Published
2024-08-14
CVE-2024-29848
An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM.
CVSS Score
7.2
EPSS Score
0.052
Published
2024-05-31
CVE-2024-23527
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
CVSS Score
5.3
EPSS Score
0.067
Published
2024-04-25


Products
Pricing
Contact Us

Shodan ® - All rights reserved