Ivanti Avalanche
By the Year
In 2024 there has been 1 vulnerability in Ivanti Avalanche, with an average score of 6.5 out of ten. Last year Avalanche had 34 security vulnerabilities published. Right now, Avalanche is on track to have fewer security vulnerabilities in 2024 than it did last year. Last year, the average CVE base score was greater by 2.23.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 1 | 6.50 |
2023 | 34 | 8.73 |
2022 | 1 | 7.50 |
2021 | 10 | 8.93 |
2020 | 1 | 9.80 |
2019 | 0 | 0.00 |
2018 | 2 | 7.15 |
It may take a day or so for new Avalanche vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Ivanti Avalanche Security Vulnerabilities
Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153
CVE-2023-41474
6.5 - Medium
- January 25, 2024
Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated attacker to obtain sensitive information via the javax.faces.resource component.
Directory traversal
An attacker can send a specially crafted request
CVE-2021-22962
9.1 - Critical
- December 19, 2023
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.
An unauthenticated attacker could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server.
CVE-2023-46262
7.5 - High
- December 19, 2023
An unauthenticated attacker could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server.
XSPA
An attacker can send a specially crafted request
CVE-2023-46266
9.1 - Critical
- December 19, 2023
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.
An unauthenticated attacker could abuse an XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF).
CVE-2023-46265
9.8 - Critical
- December 19, 2023
An unauthenticated attacker could abuse an XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF).
XXE
Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability
CVE-2022-43554
7.8 - High
- November 03, 2023
Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability
Missing Authentication for Critical Function
Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability
CVE-2022-43555
7.8 - High
- November 03, 2023
Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability
Missing Authentication for Critical Function
Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability
CVE-2023-41725
7.8 - High
- November 03, 2023
Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability
Unrestricted File Upload
Ivanti Avalanche Incorrect Default Permissions
CVE-2023-41726
7.8 - High
- November 03, 2023
Ivanti Avalanche Incorrect Default Permissions vulnerability allows Local Privilege Escalation.
Incorrect Default Permissions
An attacker can send a specially crafted message to the Wavelink Avalanche Manager
CVE-2023-32560
9.8 - Critical
- August 10, 2023
An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1.
Memory Corruption
A previously generated artifact by an administrator could be accessed by an attacker
CVE-2023-32561
7.5 - High
- August 10, 2023
A previously generated artifact by an administrator could be accessed by an attacker. The contents of this artifact could lead to authentication bypass. Fixed in version 6.4.1.
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack
CVE-2023-32565
9.1 - Critical
- August 10, 2023
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1.
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below
CVE-2023-32564
9.8 - Critical
- August 10, 2023
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve remote code execution.
Unrestricted File Upload
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below
CVE-2023-32562
9.8 - Critical
- August 10, 2023
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve remote code execution. Fixed in version 6.4.1.
Unrestricted File Upload
An unauthenticated attacker could achieve code execution through a RemoteControl server.
CVE-2023-32563
9.8 - Critical
- August 10, 2023
An unauthenticated attacker could achieve code execution through a RemoteControl server.
Directory traversal
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack
CVE-2023-32566
9.1 - Critical
- August 10, 2023
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1.
Ivanti Avalanche decodeToMap XML External Entity Processing
CVE-2023-32567
9.8 - Critical
- August 10, 2023
Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1.236.
XXE
An improper authentication vulnerability exists in Avalanche Premise versions 6.3.x and below
CVE-2023-28125
5.9 - Medium
- May 09, 2023
An improper authentication vulnerability exists in Avalanche Premise versions 6.3.x and below that could allow an attacker to gain access to the server by registering to receive messages from the server and perform an authentication bypass.
Race Condition
An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below
CVE-2023-28126
5.9 - Medium
- May 09, 2023
An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to gain access by exploiting the SetUser method or by exploiting the race condition in the authentication message.
Race Condition
A path traversal vulnerability exists in Avalanche version 6.3.x and below
CVE-2023-28127
7.5 - High
- May 09, 2023
A path traversal vulnerability exists in Avalanche version 6.3.x and below that when exploited could result in possible information disclosure.
Directory traversal
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below
CVE-2023-28128
7.2 - High
- May 09, 2023
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve remote code execution.
Unrestricted File Upload
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche
CVE-2022-36983
9.8 - Critical
- March 29, 2023
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetSettings class. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15919.
Missing Authentication for Critical Function
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490
CVE-2022-36980
8.1 - High
- March 29, 2023
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the EnterpriseServer service. The issue results from the lack of proper locking when performing operations during authentication. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15528.
TOCTTOU
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.3.101
CVE-2022-36981
9.8 - Critical
- March 29, 2023
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.3.101. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DeviceLogResource class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15966.
Directory traversal
This vulnerability allows remote attackers to read arbitrary files on affected installations of Ivanti Avalanche 6.3.3.101
CVE-2022-36982
7.5 - High
- March 29, 2023
This vulnerability allows remote attackers to read arbitrary files on affected installations of Ivanti Avalanche 6.3.3.101. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AgentTaskHandler class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored session cookies, leading to further compromise. Was ZDI-CAN-15967.
Directory traversal
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490
CVE-2022-36977
9.8 - Critical
- March 29, 2023
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Certificate Management Server service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15449.
Marshaling, Unmarshaling
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490
CVE-2022-36976
9.8 - Critical
- March 29, 2023
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the GroupDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15333.
SQL Injection
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490
CVE-2022-36975
9.8 - Critical
- March 29, 2023
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15332.
SQL Injection
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490
CVE-2022-36974
9.8 - Critical
- March 29, 2023
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Web File Server service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15330.
Marshaling, Unmarshaling
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490
CVE-2022-36973
8.8 - High
- March 29, 2023
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15329.
SQL Injection
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490
CVE-2022-36972
9.8 - Critical
- March 29, 2023
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15328.
SQL Injection
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490
CVE-2022-36971
8.8 - High
- March 29, 2023
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the JwtTokenUtility class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15301.
Marshaling, Unmarshaling
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490
CVE-2022-36979
9.8 - Critical
- March 29, 2023
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AvalancheDaoSupport class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15493.
SQL Injection
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490
CVE-2022-36978
9.8 - Critical
- March 29, 2023
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Notification Server service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15448.
Marshaling, Unmarshaling
An improper authentication vulnerability exists in Avalanche version 6.3.x and below
CVE-2022-44574
7.5 - High
- March 10, 2023
An improper authentication vulnerability in Avalanche version 6.3.x and below allows an unauthenticated attacker to modify properties on a specific port.
authentification
Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal
CVE-2021-30497
7.5 - High
- April 06, 2022
Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is not verified to be within the scope of the image folder, e.g., the attacker can obtain sensitive information via the C:/Windows/system32/config/system.sav value.
Directory traversal
An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3
CVE-2021-42133
8.1 - High
- December 07, 2021
An exposed dangerous function vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write.
Inclusion of Functionality from Untrusted Control Sphere
An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3
CVE-2021-42126
8.8 - High
- December 07, 2021
An improper authorization control vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation.
An improper access control vulnerability exists in Ivanti Avalanche before 6.3.3
CVE-2021-42124
8.8 - High
- December 07, 2021
An improper access control vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform a session takeover.
A command injection vulnerability exists in Ivanti Avalanche before 6.3.3
CVE-2021-42132
8.8 - High
- December 07, 2021
A command injection vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution.
Command Injection
A SQL Injection vulnerability exists in Ivanti Avalanche before 6.3.3
CVE-2021-42131
8.8 - High
- December 07, 2021
A SQL Injection vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation.
SQL Injection
A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3
CVE-2021-42130
8.8 - High
- December 07, 2021
A deserialization of untrusted data vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary code execution.
Marshaling, Unmarshaling
A command injection vulnerability exists in Ivanti Avalanche before 6.3.3
CVE-2021-42129
8.8 - High
- December 07, 2021
A command injection vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution.
Command Injection
An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service
CVE-2021-42128
9.8 - Critical
- December 07, 2021
An exposed dangerous function vulnerability in Ivanti Avalanche before 6.3.3 using Inforail Service allows Privilege Escalation via Enterprise Server Service.
A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service
CVE-2021-42127
9.8 - Critical
- December 07, 2021
A deserialization of untrusted data vulnerability in Ivanti Avalanche before 6.3.3 using Inforail Service allows arbitrary code execution via Data Repository Service.
Marshaling, Unmarshaling
An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3
CVE-2021-42125
8.8 - High
- December 07, 2021
An unrestricted file upload vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to write dangerous files.
Unrestricted File Upload
Ivanti Avalanche 6.3 allows a SQL injection
CVE-2020-12442
9.8 - Critical
- April 28, 2020
Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated with the Apache HTTP Server, aka Bug 683250.
SQL Injection
An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2
CVE-2018-8901
7.8 - High
- June 29, 2018
An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. A local user with database access privileges can read the encrypted passwords for users who authenticate via LDAP to Avalanche services. These passwords are stored in the Avalanche databases. This issue only affects customers who have enabled LDAP authentication in their configuration.
An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2
CVE-2018-8902
6.5 - Medium
- June 29, 2018
An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. The impacted products used a single shared key encryption model to encrypt data. A user with access to system databases can use the discovered key to access potentially confidential stored data, which may include Wi-Fi passwords. This discovered key can be used for all instances of the product.
authentification