Vulnerabilities > Ivanti > Avalanche > 6.2.0.602
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-08 | CVE-2024-47008 | Server-Side Request Forgery (SSRF) vulnerability in Ivanti Avalanche Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information. | 7.5 |
| 2024-10-08 | CVE-2024-47009 | Path Traversal vulnerability in Ivanti Avalanche Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication. | 9.8 |
| 2024-10-08 | CVE-2024-47010 | Path Traversal vulnerability in Ivanti Avalanche Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication. | 9.8 |
| 2024-10-08 | CVE-2024-47011 | Path Traversal vulnerability in Ivanti Avalanche Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information | 7.5 |
| 2024-05-31 | CVE-2024-29848 | Unspecified vulnerability in Ivanti Avalanche An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM. | 7.2 |
| 2024-04-25 | CVE-2024-23527 | Unspecified vulnerability in Ivanti Avalanche An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. | 7.5 |
| 2024-04-19 | CVE-2024-22061 | Unspecified vulnerability in Ivanti Avalanche A Heap Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands | 9.8 |
| 2024-04-19 | CVE-2024-23526 | Unspecified vulnerability in Ivanti Avalanche An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. | 7.5 |
| 2024-04-19 | CVE-2024-23528 | Unspecified vulnerability in Ivanti Avalanche An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. | 7.5 |
| 2024-04-19 | CVE-2024-23529 | Unspecified vulnerability in Ivanti Avalanche An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. | 7.5 |