Vulnerabilities > Ivanti > Avalanche > 6.0

DATE CVE VULNERABILITY TITLE RISK
2024-10-08 CVE-2024-47008 Server-Side Request Forgery (SSRF) vulnerability in Ivanti Avalanche
Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information.
network
low complexity
ivanti CWE-918
7.5
7.5
2024-10-08 CVE-2024-47009 Path Traversal vulnerability in Ivanti Avalanche
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.
network
low complexity
ivanti CWE-22
critical
 9.8
9.8
2024-10-08 CVE-2024-47010 Path Traversal vulnerability in Ivanti Avalanche
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.
network
low complexity
ivanti CWE-22
critical
 9.8
9.8
2024-10-08 CVE-2024-47011 Path Traversal vulnerability in Ivanti Avalanche
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information
network
low complexity
ivanti CWE-22
7.5
7.5
2023-12-19 CVE-2021-22962 Unspecified vulnerability in Ivanti Avalanche
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.
network
low complexity
ivanti
critical
 9.1
9.1
2023-12-19 CVE-2023-41727 Out-of-bounds Write vulnerability in Ivanti Avalanche
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
network
low complexity
ivanti CWE-787
critical
 9.8
9.8
2023-12-19 CVE-2023-46216 Out-of-bounds Write vulnerability in Ivanti Avalanche
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
network
low complexity
ivanti CWE-787
critical
 9.8
9.8
2023-12-19 CVE-2023-46217 Out-of-bounds Write vulnerability in Ivanti Avalanche
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
network
low complexity
ivanti CWE-787
critical
 9.8
9.8
2023-12-19 CVE-2023-46220 Out-of-bounds Write vulnerability in Ivanti Avalanche
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
network
low complexity
ivanti CWE-787
critical
 9.8
9.8
2023-12-19 CVE-2023-46221 Out-of-bounds Write vulnerability in Ivanti Avalanche
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
network
low complexity
ivanti CWE-787
critical
 9.8
9.8