Ivanti Avalanche

Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153

CVE-2023-41474 6.5 - Medium - January 25, 2024

Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated attacker to obtain sensitive information via the javax.faces.resource component.

Directory traversal

An attacker can send a specially crafted request

CVE-2021-22962 9.1 - Critical - December 19, 2023

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.

An unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server.

CVE-2023-46262 7.5 - High - December 19, 2023

An unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server.

XSPA

An attacker can send a specially crafted request

CVE-2023-46266 9.1 - Critical - December 19, 2023

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.

An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF).

CVE-2023-46265 9.8 - Critical - December 19, 2023

An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF).

XXE

Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability

CVE-2022-43554 7.8 - High - November 03, 2023

Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability

Missing Authentication for Critical Function

Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability

CVE-2022-43555 7.8 - High - November 03, 2023

Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability

Missing Authentication for Critical Function

Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability

CVE-2023-41725 7.8 - High - November 03, 2023

Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability

Unrestricted File Upload

Ivanti Avalanche Incorrect Default Permissions

CVE-2023-41726 7.8 - High - November 03, 2023

Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability

Incorrect Default Permissions

An attacker can send a specially crafted message to the Wavelink Avalanche Manager

CVE-2023-32560 9.8 - Critical - August 10, 2023

An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1.

Memory Corruption

A previously generated artifact by an administrator could be accessed by an attacker

CVE-2023-32561 7.5 - High - August 10, 2023

A previously generated artifact by an administrator could be accessed by an attacker. The contents of this artifact could lead to authentication bypass. Fixed in version 6.4.1.

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack

CVE-2023-32565 9.1 - Critical - August 10, 2023

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1.

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below

CVE-2023-32564 9.8 - Critical - August 10, 2023

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution.

Unrestricted File Upload

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below

CVE-2023-32562 9.8 - Critical - August 10, 2023

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Fixed in version 6.4.1.

Unrestricted File Upload

An unauthenticated attacker could achieve the code execution through a RemoteControl server.

CVE-2023-32563 9.8 - Critical - August 10, 2023

An unauthenticated attacker could achieve the code execution through a RemoteControl server.

Directory traversal

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack

CVE-2023-32566 9.1 - Critical - August 10, 2023

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1.

Ivanti Avalanche decodeToMap XML External Entity Processing

CVE-2023-32567 9.8 - Critical - August 10, 2023

Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1.236

XXE

An improper authentication vulnerability exists in Avalanche Premise versions 6.3.x and below

CVE-2023-28125 5.9 - Medium - May 09, 2023

An improper authentication vulnerability exists in Avalanche Premise versions 6.3.x and below that could allow an attacker to gain access to the server by registering to receive messages from the server and perform an authentication bypass.

Race Condition

An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below

CVE-2023-28126 5.9 - Medium - May 09, 2023

An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to gain access by exploiting the SetUser method or can exploit the Race Condition in the authentication message.

Race Condition

A path traversal vulnerability exists in Avalanche version 6.3.x and below

CVE-2023-28127 7.5 - High - May 09, 2023

A path traversal vulnerability exists in Avalanche version 6.3.x and below that when exploited could result in possible information disclosure.

Directory traversal

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below

CVE-2023-28128 7.2 - High - May 09, 2023

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution.

Unrestricted File Upload

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche

CVE-2022-36983 9.8 - Critical - March 29, 2023

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetSettings class. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15919.

Missing Authentication for Critical Function

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490

CVE-2022-36980 8.1 - High - March 29, 2023

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the EnterpriseServer service. The issue results from the lack of proper locking when performing operations during authentication. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15528.

TOCTTOU

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.3.101

CVE-2022-36981 9.8 - Critical - March 29, 2023

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.3.101. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DeviceLogResource class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15966.

Directory traversal

This vulnerability allows remote attackers to read arbitrary files on affected installations of Ivanti Avalanche 6.3.3.101

CVE-2022-36982 7.5 - High - March 29, 2023

This vulnerability allows remote attackers to read arbitrary files on affected installations of Ivanti Avalanche 6.3.3.101. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AgentTaskHandler class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored session cookies, leading to further compromise. Was ZDI-CAN-15967.

Directory traversal

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490

CVE-2022-36977 9.8 - Critical - March 29, 2023

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Certificate Management Server service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15449.

Marshaling, Unmarshaling

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490

CVE-2022-36976 9.8 - Critical - March 29, 2023

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the GroupDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15333.

SQL Injection

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490

CVE-2022-36975 9.8 - Critical - March 29, 2023

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15332.

SQL Injection

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490

CVE-2022-36974 9.8 - Critical - March 29, 2023

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Web File Server service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15330.

Marshaling, Unmarshaling

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490

CVE-2022-36973 8.8 - High - March 29, 2023

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15329.

SQL Injection

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490

CVE-2022-36972 9.8 - Critical - March 29, 2023

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15328.

SQL Injection

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490

CVE-2022-36971 8.8 - High - March 29, 2023

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the JwtTokenUtility class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15301.

Marshaling, Unmarshaling

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490

CVE-2022-36979 9.8 - Critical - March 29, 2023

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AvalancheDaoSupport class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15493.

SQL Injection

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490

CVE-2022-36978 9.8 - Critical - March 29, 2023

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Notification Server service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15448.

Marshaling, Unmarshaling

An improper authentication vulnerability exists in Avalanche version 6.3.x and below

CVE-2022-44574 7.5 - High - March 10, 2023

An improper authentication vulnerability exists in Avalanche version 6.3.x and below allows unauthenticated attacker to modify properties on specific port.

authentification

Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal

CVE-2021-30497 7.5 - High - April 06, 2022

Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is not verified to be within the scope of the image folder, e.g., the attacker can obtain sensitive information via the C:/Windows/system32/config/system.sav value.

Directory traversal

An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3

CVE-2021-42133 8.1 - High - December 07, 2021

An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write.

Inclusion of Functionality from Untrusted Control Sphere

An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3

CVE-2021-42126 8.8 - High - December 07, 2021

An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation.

An improper access control vulnerability exists in Ivanti Avalanche before 6.3.3

CVE-2021-42124 8.8 - High - December 07, 2021

An improper access control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform a session takeover.

A command Injection vulnerability exists in Ivanti Avalanche before 6.3.3

CVE-2021-42132 8.8 - High - December 07, 2021

A command Injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution.

Command Injection

A SQL Injection vulnerability exists in Ivanti Avalance before 6.3.3

CVE-2021-42131 8.8 - High - December 07, 2021

A SQL Injection vulnerability exists in Ivanti Avalance before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation.

SQL Injection

A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3

CVE-2021-42130 8.8 - High - December 07, 2021

A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary code execution.

Marshaling, Unmarshaling

A command injection vulnerability exists in Ivanti Avalanche before 6.3.3

CVE-2021-42129 8.8 - High - December 07, 2021

A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution.

Command Injection

An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service

CVE-2021-42128 9.8 - Critical - December 07, 2021

An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service allows Privilege Escalation via Enterprise Server Service.

A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service

CVE-2021-42127 9.8 - Critical - December 07, 2021

A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service allows arbitrary code execution via Data Repository Service.

Marshaling, Unmarshaling

An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3

CVE-2021-42125 8.8 - High - December 07, 2021

An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to write dangerous files.

Unrestricted File Upload

Ivanti Avalanche 6.3 allows a SQL injection

CVE-2020-12442 9.8 - Critical - April 28, 2020

Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated with the Apache HTTP Server, aka Bug 683250.

SQL Injection

An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2

CVE-2018-8901 7.8 - High - June 29, 2018

An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. A local user with database access privileges can read the encrypted passwords for users who authenticate via LDAP to Avalanche services. These passwords are stored in the Avalanche databases. This issue only affects customers who have enabled LDAP authentication in their configuration.

An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2

CVE-2018-8902 6.5 - Medium - June 29, 2018

An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. The impacted products used a single shared key encryption model to encrypt data. A user with access to system databases can use the discovered key to access potentially confidential stored data, which may include Wi-Fi passwords. This discovered key can be used for all instances of the product.

authentification