Vulnerabilities > Ivanti > Avalanche > Critical

DATE CVE VULNERABILITY TITLE RISK
2025-01-14 CVE-2024-13181 Path Traversal vulnerability in Ivanti Avalanche
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication.
network
low complexity
ivanti CWE-22
critical
9.8
2025-01-14 CVE-2024-13179 Path Traversal vulnerability in Ivanti Avalanche
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication.
network
low complexity
ivanti CWE-22
critical
9.8
2024-10-08 CVE-2024-47010 Path Traversal vulnerability in Ivanti Avalanche
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.
network
low complexity
ivanti CWE-22
critical
9.8
2024-10-08 CVE-2024-47009 Path Traversal vulnerability in Ivanti Avalanche
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.
network
low complexity
ivanti CWE-22
critical
9.8
2024-08-14 CVE-2024-38652 Path Traversal vulnerability in Ivanti Avalanche
Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion.
network
low complexity
ivanti CWE-22
critical
9.1
2024-04-19 CVE-2024-29204 Unspecified vulnerability in Ivanti Avalanche
A Heap Overflow vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands.
network
low complexity
ivanti
critical
9.8
2024-04-19 CVE-2024-24996 Unspecified vulnerability in Ivanti Avalanche
A Heap overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to execute arbitrary commands.
network
low complexity
ivanti
critical
9.8
2024-04-19 CVE-2024-22061 Unspecified vulnerability in Ivanti Avalanche
A Heap Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands.
network
low complexity
ivanti
critical
9.8
2023-12-19 CVE-2023-46266 Unspecified vulnerability in Ivanti Avalanche
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.
network
low complexity
ivanti
critical
9.1
2023-12-19 CVE-2023-46265 XXE vulnerability in Ivanti Avalanche
An unauthenticated attacker could abuse an XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF).
network
low complexity
ivanti CWE-611
critical
9.8