Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Avalanche
(Ivanti)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 114 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-11-12 | CVE-2024-50331 | An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to leak sensitive information in memory. | Avalanche | 7.5 | ||
| 2021-12-07 | CVE-2021-42124 | An improper access control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform a session takeover. | Avalanche | 8.8 | ||
| 2021-12-07 | CVE-2021-42125 | An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to write dangerous files. | Avalanche | 8.8 | ||
| 2021-12-07 | CVE-2021-42126 | An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation. | Avalanche | 8.8 | ||
| 2021-12-07 | CVE-2021-42127 | A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service allows arbitrary code execution via Data Repository Service. | Avalanche | 9.8 | ||
| 2021-12-07 | CVE-2021-42128 | An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service allows Privilege Escalation via Enterprise Server Service. | Avalanche | 9.8 | ||
| 2021-12-07 | CVE-2021-42129 | A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution. | Avalanche | 8.8 | ||
| 2021-12-07 | CVE-2021-42130 | A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary code execution. | Avalanche | 8.8 | ||
| 2021-12-07 | CVE-2021-42131 | A SQL Injection vulnerability exists in Ivanti Avalance before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation. | Avalanche | 8.8 | ||
| 2021-12-07 | CVE-2021-42132 | A command Injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution. | Avalanche | 8.8 |