A security vulnerability within Ivanti Avalanche Manager before version 6.4.1 may allow an unauthenticated attacker to create a buffer overflow that could result in service disruption or arbitrary code execution.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 17 Jul 2025 14:00:00 +0000

Type Values Removed Values Added
First Time appeared Ivanti
Ivanti avalanche
CPEs cpe:2.3:a:ivanti:avalanche:*:*:*:*:*:*:*:*
Vendors & Products Ivanti
Ivanti avalanche

Tue, 15 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00179}

epss

{'score': 0.00996}


Mon, 14 Jul 2025 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sat, 12 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00179}


Sat, 12 Jul 2025 03:45:00 +0000

Type Values Removed Values Added
Description A security vulnerability within Ivanti Avalanche Manager before version 6.4.1 may allow an unauthenticated attacker to create a buffer overflow that could result in service disruption or arbitrary code execution.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2025-07-15T03:55:10.274Z

Reserved: 2023-07-12T01:00:11.880Z

Link: CVE-2023-38036

cve-icon Vulnrichment

Updated: 2025-07-14T13:20:15.828Z

cve-icon NVD

Status : Analyzed

Published: 2025-07-12T04:15:27.163

Modified: 2025-07-17T13:45:21.650

Link: CVE-2023-38036

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-07-14T22:45:33Z