CPE-C4BDCE97-4006-4458-B62B-503E16A7B5AB Detail

CPE Details

Ivanti Avalanche 6.4.1

Vendor

ivanti

Product

avalanche

Version

6.4.1

Created

2023-11-25
03h34 +00:00

Modified

2023-11-25
03h34 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:ivanti:avalanche:6.4.1:::::::*

Informations

Vendor

ivanti

Product

avalanche

Version

6.4.1

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2024-13181	2025-01-14 16h53 +00:00	Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. This CVE addresses incomplete fixes from CVE-2024-47010.	9.8	Critical
CVE-2024-13180	2025-01-14 16h52 +00:00	Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information. This CVE addresses incomplete fixes from CVE-2024-47011.	7.5	High
CVE-2024-13179	2025-01-14 16h51 +00:00	Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication.	9.8	Critical
CVE-2024-38652	2024-08-14 02h38 +00:00	Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion.	9.1	Critical
CVE-2024-37373	2024-08-14 02h38 +00:00	Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE.	7.2	High
CVE-2024-37399	2024-08-14 02h38 +00:00	A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.	7.5	High
CVE-2024-38653	2024-08-14 02h38 +00:00	XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server.	7.5	High
CVE-2024-36136	2024-08-14 02h38 +00:00	An off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.	7.5	High
CVE-2023-46262	2023-12-19 15h43 +00:00	An unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server.	7.5	High
CVE-2023-46265	2023-12-19 15h43 +00:00	An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF).	9.8	Critical

Ivanti Avalanche 6.4.1

CPE Details

CPE Name: cpe:2.3:a:ivanti:avalanche:6.4.1:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:ivanti:avalanche:6.4.1:::::::*