Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Avalanche
(Ivanti)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 114 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-12-07 | CVE-2021-42126 | An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation. | Avalanche | 8.8 | ||
| 2021-12-07 | CVE-2021-42127 | A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service allows arbitrary code execution via Data Repository Service. | Avalanche | 9.8 | ||
| 2021-12-07 | CVE-2021-42128 | An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service allows Privilege Escalation via Enterprise Server Service. | Avalanche | 9.8 | ||
| 2021-12-07 | CVE-2021-42129 | A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution. | Avalanche | 8.8 | ||
| 2021-12-07 | CVE-2021-42130 | A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary code execution. | Avalanche | 8.8 | ||
| 2021-12-07 | CVE-2021-42131 | A SQL Injection vulnerability exists in Ivanti Avalance before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation. | Avalanche | 8.8 | ||
| 2021-12-07 | CVE-2021-42132 | A command Injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution. | Avalanche | 8.8 | ||
| 2021-12-07 | CVE-2021-42133 | An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write. | Avalanche | 8.1 | ||
| 2022-04-06 | CVE-2021-30497 | Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is not verified to be within the scope of the image folder, e.g., the attacker can obtain sensitive information via the C:/Windows/system32/config/system.sav value. | Avalanche | 7.5 | ||
| 2023-03-10 | CVE-2022-44574 | An improper authentication vulnerability exists in Avalanche version 6.3.x and below allows unauthenticated attacker to modify properties on specific port. | Avalanche | 7.5 |