Vulnerabilities > Ivanti > Avalanche > 6.4.0

DATE CVE VULNERABILITY TITLE RISK
2025-01-14 CVE-2024-13179 Path Traversal vulnerability in Ivanti Avalanche
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication.
network
low complexity
ivanti CWE-22
critical
9.8
2025-01-14 CVE-2024-13180 Path Traversal vulnerability in Ivanti Avalanche
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information.
network
low complexity
ivanti CWE-22
7.5
2025-01-14 CVE-2024-13181 Path Traversal vulnerability in Ivanti Avalanche
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication.
network
low complexity
ivanti CWE-22
critical
9.8
2024-08-14 CVE-2024-36136 Off-by-one Error vulnerability in Ivanti Avalanche
An off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.
network
low complexity
ivanti CWE-193
7.5
2024-08-14 CVE-2024-37373 Unspecified vulnerability in Ivanti Avalanche
Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE.
network
low complexity
ivanti
7.2
2024-08-14 CVE-2024-37399 NULL Pointer Dereference vulnerability in Ivanti Avalanche
A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.
network
low complexity
ivanti CWE-476
7.5
2024-08-14 CVE-2024-38652 Path Traversal vulnerability in Ivanti Avalanche
Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion.
network
low complexity
ivanti CWE-22
critical
9.1
2024-08-14 CVE-2024-38653 XXE vulnerability in Ivanti Avalanche
XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server.
network
low complexity
ivanti CWE-611
7.5
2024-05-31 CVE-2024-29848 Unspecified vulnerability in Ivanti Avalanche
An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM.
network
low complexity
ivanti
7.2
2024-04-25 CVE-2024-23527 Unspecified vulnerability in Ivanti Avalanche
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
network
low complexity
ivanti
7.5