Published: 25/01/2024 Updated: 31/01/2024

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 0

Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated malicious user to obtain sensitive information via the javax.faces.resource component.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ivanti avalanche 6.3.4.153

Check Point Reference: CPAI-2023-1596 Date Published: 18 Mar 2024 Severity: Medium ...

Public disclosure of Ivanti's Avalanche Path Traversal vulnerability

IVANTI AVALANCHE - PATH TRAVERSAL A new vulnerability has been found on Ivanti Avalanche Tested on Avalanche Server v634153 and identified as CVE-2023-41474 It’s a limited unauthenticated path traversal vulnerability, meaning that unauthorized attackers can access to any file under C:\\PROGRAM DATA\\Wavelink\\AVALANCHE\\Web\ webapps\AvalancheWeb in a default configur

CWE-22 https://github.com/JBalanza/CVE-2023-41474 https://nvd.nist.gov https://github.com/JBalanza/CVE-2023-41474 https://advisories.checkpoint.com/defense/advisories/public/2024/cpai-2023-1596.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-41474

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect