Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2021-30497

Published: 06/04/2022 Updated: 13/04/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is not verified to be within the scope of the image folder, e.g., the attacker can obtain sensitive information via the C:/Windows/system32/config/system.sav value.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

ivanti avalanche 6.3.2

References

CWE-22https://forums.ivanti.com/s/article/Security-Alert-CVE-2021-30497-Directory-Traversal-Vulnerability?language=en_UShttps://ssd-disclosure.com/ssd-advisory-ivanti-avalanche-directory-traversal/https://help.ivanti.com/wl/help/en_us/aod/5.4/Avalanche/Console/Launching_the_Avalanche.htmhttps://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypassopen redirectCVE-2024-4358CVE-2024-24199CVE-2024-5550CVE-2024-5305CVE-2024-30373CVE-2024-1800deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook