Ivanti Avalanche 4.6

CPE Details

Ivanti Avalanche 4.6
ivanti
avalanche
4.6
2020-05-04
16h15 +00:00
2020-05-04
16h15 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:ivanti:avalanche:4.6:*:*:*:*:*:*:*

Informations

Vendor

ivanti

Product

avalanche

Version

4.6

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-13181 2025-01-14 16h53 +00:00 Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. This CVE addresses incomplete fixes from CVE-2024-47010.
9.8
Critique
CVE-2024-13180 2025-01-14 16h52 +00:00 Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information. This CVE addresses incomplete fixes from CVE-2024-47011.
7.5
Haute
CVE-2024-13179 2025-01-14 16h51 +00:00 Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication.
9.8
Critique
CVE-2023-46262 2023-12-19 15h43 +00:00 An unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server.
7.5
Haute
CVE-2023-46265 2023-12-19 15h43 +00:00 An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF).
9.8
Critique
CVE-2023-32560 2023-08-10 19h07 +00:00 An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1.
9.8
Critique
CVE-2023-32561 2023-08-10 19h07 +00:00 A previously generated artifact by an administrator could be accessed by an attacker. The contents of this artifact could lead to authentication bypass. Fixed in version 6.4.1.
7.5
Haute
CVE-2023-32562 2023-08-10 19h04 +00:00 An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Fixed in version 6.4.1.
9.8
Critique
CVE-2023-32563 2023-08-10 19h04 +00:00 An unauthenticated attacker could achieve the code execution through a RemoteControl server.
9.8
Critique
CVE-2023-32564 2023-08-10 19h04 +00:00 An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution.
9.8
Critique
CVE-2023-32565 2023-08-10 19h03 +00:00 An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1.
9.1
Critique
CVE-2023-32566 2023-08-10 18h58 +00:00 An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1.
9.1
Critique
CVE-2023-32567 2023-08-10 18h58 +00:00 Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1.236
9.8
Critique
CVE-2023-28127 2023-05-09 00h00 +00:00 A path traversal vulnerability exists in Avalanche version 6.3.x and below that when exploited could result in possible information disclosure.
7.5
Haute
CVE-2023-28128 2023-05-09 00h00 +00:00 An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution.
7.2
Haute
CVE-2022-44574 2023-03-10 00h00 +00:00 An improper authentication vulnerability exists in Avalanche version 6.3.x and below allows unauthenticated attacker to modify properties on specific port.
7.5
Haute
CVE-2021-42133 2021-12-07 12h13 +00:00 An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write.
8.1
Haute
CVE-2021-42132 2021-12-07 12h13 +00:00 A command Injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution.
8.8
Haute
CVE-2021-42131 2021-12-07 12h13 +00:00 A SQL Injection vulnerability exists in Ivanti Avalance before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation.
8.8
Haute
CVE-2021-42130 2021-12-07 12h13 +00:00 A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary code execution.
8.8
Haute
CVE-2021-42129 2021-12-07 12h13 +00:00 A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution.
8.8
Haute
CVE-2021-42128 2021-12-07 12h13 +00:00 An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service allows Privilege Escalation via Enterprise Server Service.
9.8
Critique
CVE-2021-42127 2021-12-07 12h13 +00:00 A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service allows arbitrary code execution via Data Repository Service.
9.8
Critique
CVE-2021-42126 2021-12-07 12h12 +00:00 An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation.
8.8
Haute
CVE-2021-42125 2021-12-07 12h12 +00:00 An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to write dangerous files.
8.8
Haute
CVE-2021-42124 2021-12-07 12h12 +00:00 An improper access control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform a session takeover.
8.8
Haute