Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ivanti avalanche vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-32560
An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1.
Ivanti Avalanche
1 Github repository
1 Article
NA
CVE-2023-32561
A previously generated artifact by an administrator could be accessed by an attacker. The contents of this artifact could lead to authentication bypass. Fixed in version 6.4.1.
Ivanti Avalanche
NA
CVE-2023-32562
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an malicious user to achieve a remove code execution. Fixed in version 6.4.1.
Ivanti Avalanche
NA
CVE-2023-32563
An unauthenticated attacker could achieve the code execution through a RemoteControl server.
Ivanti Avalanche
1 Github repository
NA
CVE-2023-32564
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an malicious user to achieve a remove code execution.
Ivanti Avalanche
NA
CVE-2023-32565
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1.
Ivanti Avalanche
NA
CVE-2023-32566
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1.
Ivanti Avalanche
NA
CVE-2023-32567
Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1.236
Ivanti Avalanche
7.5
CVSSv2
CVE-2021-42128
An exposed dangerous function vulnerability exists in Ivanti Avalanche prior to 6.3.3 using inforail Service allows Privilege Escalation via Enterprise Server Service.
Ivanti Avalanche
2.1
CVSSv2
CVE-2018-8901
An issue exists in Ivanti Avalanche for all versions between 5.3 and 6.2. A local user with database access privileges can read the encrypted passwords for users who authenticate via LDAP to Avalanche services. These passwords are stored in the Avalanche databases. This issue onl...
Ivanti Avalanche
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »