A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 06 May 2025 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Ivanti
Ivanti avalanche
CPEs cpe:2.3:a:ivanti:avalanche:*:*:*:*:*:*:*:*
Vendors & Products Ivanti
Ivanti avalanche
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2024-08-01T23:06:25.271Z

Reserved: 2024-01-18T01:04:07.197Z

Link: CVE-2024-23535

cve-icon Vulnrichment

Updated: 2024-08-01T23:06:25.271Z

cve-icon NVD

Status : Analyzed

Published: 2024-04-19T02:15:08.300

Modified: 2025-05-06T18:28:37.263

Link: CVE-2024-23535

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.