Vulnerabilities > Ivanti > Avalanche > 6.4.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-14 | CVE-2024-13179 | Path Traversal vulnerability in Ivanti Avalanche Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. | 9.8 |
| 2025-01-14 | CVE-2024-13180 | Path Traversal vulnerability in Ivanti Avalanche Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information. | 7.5 |
| 2025-01-14 | CVE-2024-13181 | Path Traversal vulnerability in Ivanti Avalanche Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. | 9.8 |
| 2024-08-14 | CVE-2024-36136 | Off-by-one Error vulnerability in Ivanti Avalanche An off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS. | 7.5 |
| 2024-08-14 | CVE-2024-37373 | Unspecified vulnerability in Ivanti Avalanche Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE. | 7.2 |
| 2024-08-14 | CVE-2024-37399 | NULL Pointer Dereference vulnerability in Ivanti Avalanche A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS. | 7.5 |
| 2024-08-14 | CVE-2024-38652 | Path Traversal vulnerability in Ivanti Avalanche Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion. | 9.1 |
| 2024-08-14 | CVE-2024-38653 | XXE vulnerability in Ivanti Avalanche XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server. | 7.5 |
| 2024-05-31 | CVE-2024-29848 | Unspecified vulnerability in Ivanti Avalanche An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM. | 7.2 |
| 2024-04-25 | CVE-2024-23527 | Unspecified vulnerability in Ivanti Avalanche An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. | 7.5 |