Vulnerabilities > Ivanti > Avalanche > 4.6

DATE CVE VULNERABILITY TITLE RISK
2025-01-14 CVE-2024-13179 Path Traversal vulnerability in Ivanti Avalanche
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication.
network
low complexity
ivanti CWE-22
critical
9.8
2025-01-14 CVE-2024-13180 Path Traversal vulnerability in Ivanti Avalanche
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information.
network
low complexity
ivanti CWE-22
7.5
2025-01-14 CVE-2024-13181 Path Traversal vulnerability in Ivanti Avalanche
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication.
network
low complexity
ivanti CWE-22
critical
9.8
2024-05-31 CVE-2024-29848 Unspecified vulnerability in Ivanti Avalanche
An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM.
network
low complexity
ivanti
7.2
2024-04-25 CVE-2024-23527 Unspecified vulnerability in Ivanti Avalanche
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
network
low complexity
ivanti
7.5
2024-04-19 CVE-2024-22061 Unspecified vulnerability in Ivanti Avalanche
A Heap Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands
network
low complexity
ivanti
critical
9.8
2024-04-19 CVE-2024-23526 Unspecified vulnerability in Ivanti Avalanche
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
network
low complexity
ivanti
7.5
2024-04-19 CVE-2024-23528 Unspecified vulnerability in Ivanti Avalanche
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
network
low complexity
ivanti
7.5
2024-04-19 CVE-2024-23529 Unspecified vulnerability in Ivanti Avalanche
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
network
low complexity
ivanti
7.5
2024-04-19 CVE-2024-23530 Unspecified vulnerability in Ivanti Avalanche
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
network
low complexity
ivanti
7.5