VYPR
Unrated severityNVD Advisory· Published Aug 14, 2024· Updated Aug 14, 2024

CVE-2024-38653

CVE-2024-38653

Description

XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server.

Affected products

2
  • Ivanti/Avalanchellm-fuzzy2 versions
    <=6.3.1+ 1 more
    • (no CPE)range: <=6.3.1
    • (no CPE)range: 6.4.4

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.