CPE Details
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
CPE Name: cpe:2.3:a:ivanti:avalanche:6.4.1:*:*:*:premise:*:*:*
Informations
Vendor
ivantiProduct
avalancheVersion
6.4.1Software Edition
premiseRelated CVE
| CVE ID | Publié | Description | Score | Gravité |
|---|---|---|---|---|
| Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. This CVE addresses incomplete fixes from CVE-2024-47010. | 9.8 |
Critique |
||
| Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information. This CVE addresses incomplete fixes from CVE-2024-47011. | 7.5 |
Haute |
||
| Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. | 9.8 |
Critique |
||
| An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to leak sensitive information in memory. | 7.5 |
Haute |
||
| An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | 7.5 |
Haute |
||
| An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | 7.5 |
Haute |
||
| An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | 7.5 |
Haute |
||
| A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | 7.5 |
Haute |
||
| A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | 7.5 |
Haute |
||
| Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information | 7.5 |
Haute |
||
| Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication. | 9.8 |
Critique |
||
| Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication. | 9.8 |
Critique |
||
| Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information. | 7.5 |
Haute |
||
| A NULL pointer dereference in WLAvalancheService.exe of Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to cause a denial of service. | 7.5 |
Haute |
||
| Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion. | 9.1 |
Critique |
||
| Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE. | 7.2 |
Haute |
||
| A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS. | 7.5 |
Haute |
||
| XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server. | 7.5 |
Haute |
||
| An off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS. | 7.5 |
Haute |
||
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | 9.8 |
Critique |
||
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | 9.8 |
Critique |
||
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | 9.8 |
Critique |
||
| An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. | 9.1 |
Critique |
||
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | 9.8 |
Critique |
||
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS). | 7.5 |
Haute |
||
| An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution. | 9.8 |
Critique |
||
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | 9.8 |
Critique |
||
| An unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server. | 7.5 |
Haute |
||
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | 9.8 |
Critique |
||
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | 9.8 |
Critique |
||
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | 9.8 |
Critique |
||
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | 9.8 |
Critique |
||
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | 9.8 |
Critique |
||
| An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF). | 9.8 |
Critique |
||
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | 9.8 |
Critique |
||
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS). | 7.5 |
Haute |
||
| An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution. | 9.8 |
Critique |
||
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | 9.8 |
Critique |
||
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | 9.8 |
Critique |
||
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | 9.8 |
Critique |
||
| An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. | 9.1 |
Critique |
||
| Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability | 7.8 |
Haute |
||
| Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability | 7.8 |
Haute |
||
| Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability | 7.8 |
Haute |
||
| Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability | 7.8 |
Haute |
2025©
tesweb SA
