Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Avalanche
(Ivanti)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 86 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-01-14 | CVE-2024-13179 | Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. | Avalanche | 9.8 | ||
| 2025-01-14 | CVE-2024-13180 | Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information. This CVE addresses incomplete fixes from CVE-2024-47011. | Avalanche | 7.5 | ||
| 2025-01-14 | CVE-2024-13181 | Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. This CVE addresses incomplete fixes from CVE-2024-47010. | Avalanche | 9.8 | ||
| 2024-11-12 | CVE-2024-50331 | An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to leak sensitive information in memory. | Avalanche | 7.5 | ||
| 2021-12-07 | CVE-2021-42124 | An improper access control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform a session takeover. | Avalanche | 8.8 | ||
| 2021-12-07 | CVE-2021-42125 | An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to write dangerous files. | Avalanche | 8.8 | ||
| 2021-12-07 | CVE-2021-42126 | An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation. | Avalanche | 8.8 | ||
| 2021-12-07 | CVE-2021-42127 | A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service allows arbitrary code execution via Data Repository Service. | Avalanche | 9.8 | ||
| 2021-12-07 | CVE-2021-42128 | An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service allows Privilege Escalation via Enterprise Server Service. | Avalanche | 9.8 | ||
| 2021-12-07 | CVE-2021-42129 | A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution. | Avalanche | 8.8 |