Vulnerabilities > Ivanti > Avalanche > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-10-08 CVE-2024-47010 Path Traversal vulnerability in Ivanti Avalanche
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.
network
low complexity
ivanti CWE-22
critical
 9.8
9.8
2024-10-08 CVE-2024-47009 Path Traversal vulnerability in Ivanti Avalanche
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.
network
low complexity
ivanti CWE-22
critical
 9.8
9.8
2024-08-14 CVE-2024-38652 Path Traversal vulnerability in Ivanti Avalanche
Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion.
network
low complexity
ivanti CWE-22
critical
 9.1
9.1
2023-12-19 CVE-2023-46266 Unspecified vulnerability in Ivanti Avalanche
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.
network
low complexity
ivanti
critical
 9.1
9.1
2023-12-19 CVE-2023-46265 XXE vulnerability in Ivanti Avalanche
An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF).
network
low complexity
ivanti CWE-611
critical
 9.8
9.8
2023-12-19 CVE-2023-46264 Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Avalanche
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution.
network
low complexity
ivanti CWE-434
critical
 9.8
9.8
2023-12-19 CVE-2023-46263 Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Avalanche
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution.
network
low complexity
ivanti CWE-434
critical
 9.8
9.8
2023-12-19 CVE-2023-46261 Out-of-bounds Write vulnerability in Ivanti Avalanche
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
network
low complexity
ivanti CWE-787
critical
 9.8
9.8
2023-12-19 CVE-2023-46260 Out-of-bounds Write vulnerability in Ivanti Avalanche
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
network
low complexity
ivanti CWE-787
critical
 9.8
9.8
2023-12-19 CVE-2023-46259 Out-of-bounds Write vulnerability in Ivanti Avalanche
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
network
low complexity
ivanti CWE-787
critical
 9.8
9.8