Vulnerabilities > Ivanti > Avalanche
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-29 | CVE-2022-36977 | Deserialization of Untrusted Data vulnerability in Ivanti Avalanche 6.3.2.3490/6.3.3/6.3.3.101 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. | 9.8 |
| 2023-03-29 | CVE-2022-36978 | Deserialization of Untrusted Data vulnerability in Ivanti Avalanche 6.3.2.3490/6.3.3/6.3.3.101 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. | 9.8 |
| 2023-03-29 | CVE-2022-36979 | SQL Injection vulnerability in Ivanti Avalanche 6.3.2.3490/6.3.3/6.3.3.101 This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. | 9.8 |
| 2023-03-29 | CVE-2022-36980 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Ivanti Avalanche 6.3.2.3490/6.3.3/6.3.3.101 This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. | 8.1 |
| 2023-03-29 | CVE-2022-36981 | Path Traversal vulnerability in Ivanti Avalanche 6.3.3.101 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.3.101. | 9.8 |
| 2023-03-29 | CVE-2022-36982 | Path Traversal vulnerability in Ivanti Avalanche 6.3.3.101 This vulnerability allows remote attackers to read arbitrary files on affected installations of Ivanti Avalanche 6.3.3.101. | 7.5 |
| 2023-03-29 | CVE-2022-36983 | Missing Authentication for Critical Function vulnerability in Ivanti Avalanche 6.3.3.101 This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. | 9.8 |
| 2023-03-10 | CVE-2022-44574 | Improper Authentication vulnerability in Ivanti Avalanche An improper authentication vulnerability exists in Avalanche version 6.3.x and below allows unauthenticated attacker to modify properties on specific port. | 7.5 |
| 2022-04-06 | CVE-2021-30497 | Path Traversal vulnerability in Ivanti Avalanche 6.3.2 Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. | 7.5 |
| 2021-12-07 | CVE-2021-42124 | Unspecified vulnerability in Ivanti Avalanche An improper access control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform a session takeover. | 8.8 |