VYPR

Avalanche

by Ivanti

CVEs (113)

  • CVE-2021-42132 (High), Dec 7, 2021
    risk 0.63, cvss 8.8, epss 0.70

    A command injection vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution.

  • CVE-2021-42131 (High), Dec 7, 2021
    risk 0.63, cvss 8.8, epss 0.67

    A SQL injection vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation.

  • CVE-2021-42129 (High), Dec 7, 2021
    risk 0.63, cvss 8.8, epss 0.77

    A command injection vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution.

  • CVE-2021-42130 (High), Dec 7, 2021
    risk 0.62, cvss 8.8, epss 0.62

    A deserialization of untrusted data vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary code execution.

  • CVE-2024-38652 (Critical), Aug 14, 2024
    risk 0.60, cvss 9.1, epss 0.08

    Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion.

  • CVE-2023-46266 (Critical), Dec 19, 2023
    risk 0.59, cvss 9.1, epss 0.03

    An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.

  • CVE-2023-32565 (Critical), Aug 10, 2023
    risk 0.59, cvss 9.1, epss 0.02

    An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1.

  • CVE-2023-32566 (Critical), Aug 10, 2023
    risk 0.59, cvss 9.1, epss 0.02

    An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1.

  • CVE-2022-36980 (High), Mar 29, 2023
    risk 0.59, cvss 8.1, epss 0.83

    This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within…

  • CVE-2022-36973 (High), Mar 29, 2023
    risk 0.58, cvss 8.8, epss 0.06

    This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within…

  • CVE-2022-36971 (High), Mar 29, 2023
    risk 0.58, cvss 8.8, epss 0.15

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists…

  • CVE-2021-42126 (High), Dec 7, 2021
    risk 0.58, cvss 8.8, epss 0.04

    An improper authorization control vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation.

  • CVE-2024-27976 (High), Apr 19, 2024
    risk 0.57, cvss 8.8, epss 0.03

    A path traversal vulnerability in the web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.

  • CVE-2024-27975 (High), Apr 19, 2024
    risk 0.57, cvss 8.8, epss 0.03

    A use-after-free vulnerability in the WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.

  • CVE-2024-25000 (High), Apr 19, 2024
    risk 0.57, cvss 8.8, epss 0.03

    A path traversal vulnerability in the web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.

  • CVE-2024-24999 (High), Apr 19, 2024
    risk 0.57, cvss 8.8, epss 0.03

    A path traversal vulnerability in the web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.

  • CVE-2024-24998 (High), Apr 19, 2024
    risk 0.57, cvss 8.8, epss 0.03

    A path traversal vulnerability in the web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.

  • CVE-2024-24997 (High), Apr 19, 2024
    risk 0.57, cvss 8.8, epss 0.03

    A path traversal vulnerability in the web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.

  • CVE-2024-23534 (High), Apr 19, 2024
    risk 0.57, cvss 8.8, epss 0.03

    An unrestricted file upload vulnerability in the web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.

  • CVE-2023-28128 (High), May 9, 2023
    risk 0.57, cvss 7.2, epss 0.85

    An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve remote code execution.
