Vulnerabilities > CVE-2023-46262 - Server-Side Request Forgery (SSRF) vulnerability in Ivanti Avalanche

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

ivanti

CWE-918

NVD

Published: 2023-12-19

Updated: 2023-12-28

Summary

An unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server.

Vulnerable Configurations

Part	Description	Count
Application	Ivanti Ivanti Avalanche - Ivanti Avalanche 6.2.2 Ivanti Avalanche 6.3.2 Ivanti Avalanche 6.3.2.3490 Ivanti Avalanche 6.3.3 Ivanti Avalanche 6.3.3.101 Ivanti Avalanche 6.3.4 Ivanti Avalanche 6.3.4.153 Ivanti Avalanche 6.4.0	15

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt