Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication.
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 16 Jan 2025 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Ivanti
Ivanti avalanche
CPEs cpe:2.3:a:ivanti:avalanche:*:*:*:*:*:*:*:*
Vendors & Products Ivanti
Ivanti avalanche

Thu, 16 Jan 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 14 Jan 2025 17:00:00 +0000

Type Values Removed Values Added
Description Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication.
Weaknesses CWE-22
CWE-288
References
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ivanti

Published:

Updated: 2025-01-16T16:53:23.111Z

Reserved: 2025-01-07T18:10:28.850Z

Link: CVE-2024-13179

cve-icon Vulnrichment

Updated: 2025-01-16T16:53:18.283Z

cve-icon NVD

Status : Analyzed

Published: 2025-01-14T17:15:14.150

Modified: 2025-01-16T21:01:38.177

Link: CVE-2024-13179

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.