Vulnerabilities > Ivanti > Avalanche > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-29 | CVE-2022-36975 | Unspecified vulnerability in Ivanti Avalanche 6.3.2.3490/6.3.3/6.3.3.101 This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. | 9.8 |
| 2023-03-29 | CVE-2022-36974 | Unspecified vulnerability in Ivanti Avalanche 6.3.2.3490/6.3.3/6.3.3.101 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. | 9.8 |
| 2023-03-29 | CVE-2022-36972 | Unspecified vulnerability in Ivanti Avalanche 6.3.2.3490/6.3.3/6.3.3.101 This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. | 9.8 |
| 2021-12-07 | CVE-2021-42128 | Unspecified vulnerability in Ivanti Avalanche An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service allows Privilege Escalation via Enterprise Server Service. | 9.8 |
| 2021-12-07 | CVE-2021-42127 | Deserialization of Untrusted Data vulnerability in Ivanti Avalanche A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service allows arbitrary code execution via Data Repository Service. | 9.8 |
| 2020-04-28 | CVE-2020-12442 | SQL Injection vulnerability in Ivanti Avalanche 6.3 Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated with the Apache HTTP Server, aka Bug 683250. | 9.8 |