Vulnerabilities > Ivanti > Avalanche

DATE CVE VULNERABILITY TITLE RISK
2024-10-08 CVE-2024-47011 Path Traversal vulnerability in Ivanti Avalanche
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information
network
low complexity
ivanti CWE-22
7.5
2024-08-14 CVE-2024-36136 Off-by-one Error vulnerability in Ivanti Avalanche
An off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.
network
low complexity
ivanti CWE-193
7.5
2024-08-14 CVE-2024-37373 Unspecified vulnerability in Ivanti Avalanche
Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE.
network
low complexity
ivanti
7.2
2024-08-14 CVE-2024-37399 NULL Pointer Dereference vulnerability in Ivanti Avalanche
A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.
network
low complexity
ivanti CWE-476
7.5
2024-08-14 CVE-2024-38652 Path Traversal vulnerability in Ivanti Avalanche
Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion.
network
low complexity
ivanti CWE-22
critical
9.1
2024-08-14 CVE-2024-38653 XXE vulnerability in Ivanti Avalanche
XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server.
network
low complexity
ivanti CWE-611
7.5
2024-01-25 CVE-2023-41474 Path Traversal vulnerability in Ivanti Avalanche 6.3.4.153
Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated attacker to obtain sensitive information via the javax.faces.resource component.
network
low complexity
ivanti CWE-22
6.5
2023-12-19 CVE-2021-22962 Unspecified vulnerability in Ivanti Avalanche
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.
network
low complexity
ivanti
critical
9.1
2023-12-19 CVE-2023-41727 Out-of-bounds Write vulnerability in Ivanti Avalanche
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
network
low complexity
ivanti CWE-787
critical
9.8
2023-12-19 CVE-2023-46216 Out-of-bounds Write vulnerability in Ivanti Avalanche
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
network
low complexity
ivanti CWE-787
critical
9.8