VYPR

Avalanche

by Ivanti

CVEs (113)

  • CVE-2023-46260CriDec 19, 2023
    risk 0.64cvss 9.8epss 0.10

    An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

  • CVE-2023-46258CriDec 19, 2023
    risk 0.64cvss 9.8epss 0.07

    An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

  • CVE-2023-46224CriDec 19, 2023
    risk 0.64cvss 9.8epss 0.07

    An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

  • CVE-2023-46223CriDec 19, 2023
    risk 0.64cvss 9.8epss 0.07

    An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

  • CVE-2023-46222CriDec 19, 2023
    risk 0.64cvss 9.8epss 0.07

    An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

  • CVE-2023-46221CriDec 19, 2023
    risk 0.64cvss 9.8epss 0.07

    An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

  • CVE-2023-32567CriAug 10, 2023
    risk 0.64cvss 9.8epss 0.02

    Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1.236

  • CVE-2022-36983CriMar 29, 2023
    risk 0.64cvss 9.8epss 0.05

    This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetSettings class. The issue results from the lack of…

  • CVE-2022-36979CriMar 29, 2023
    risk 0.64cvss 9.8epss 0.07

    This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within…

  • CVE-2022-36978CriMar 29, 2023
    risk 0.64cvss 9.8epss 0.07

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists…

  • CVE-2022-36977CriMar 29, 2023
    risk 0.64cvss 9.8epss 0.07

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists…

  • CVE-2022-36976CriMar 29, 2023
    risk 0.64cvss 9.8epss 0.07

    This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the GroupDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An…

  • CVE-2022-36975CriMar 29, 2023
    risk 0.64cvss 9.8epss 0.07

    This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An…

  • CVE-2022-36972CriMar 29, 2023
    risk 0.64cvss 9.8epss 0.07

    This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An…

  • CVE-2021-42128CriDec 7, 2021
    risk 0.64cvss 9.8epss 0.04

    An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service allows Privilege Escalation via Enterprise Server Service.

  • CVE-2021-42125HigDec 7, 2021
    risk 0.64cvss 8.8epss 0.82

    An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to write dangerous files.

  • CVE-2020-12442CriApr 28, 2020
    risk 0.64cvss 9.8epss 0.02

    Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated with the Apache HTTP Server, aka Bug 683250.

  • CVE-2024-24994HigApr 19, 2024
    risk 0.63cvss 8.8epss 0.68

    A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.

  • CVE-2024-24992HigApr 19, 2024
    risk 0.63cvss 8.8epss 0.71

    A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.

  • CVE-2024-23535HigApr 19, 2024
    risk 0.63cvss 8.8epss 0.68

    A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.

Page 2 of 6