Avalanche
by Ivanti
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-8297 | | | 0.01 | — | 0.11 | | Aug 12, 2025 | Incomplete restriction of configuration in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to achieve remote code execution |
| CVE-2025-8296 | | | 0.01 | — | 0.07 | | Aug 12, 2025 | SQL injection in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to execute arbitrary SQL queries. In certain conditions, this can also lead to remote code execution |
| CVE-2023-38036 | | | 0.00 | — | 0.03 | | Jul 12, 2025 | A security vulnerability within Ivanti Avalanche Manager before version 6.4.1 may allow an unauthenticated attacker to create a buffer overflow that could result in service disruption or arbitrary code execution. |