XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server.
Metrics
Affected Vendors & Products
References
History
Thu, 15 Aug 2024 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:ivanti:avalanche:6.3.1.1507:*:*:*:premise:*:*:* cpe:2.3:a:ivanti:avalanche:6.3.1:*:*:*:premise:*:*:* cpe:2.3:a:ivanti:avalanche:6.3.2.3490:*:*:*:*:*:*:* cpe:2.3:a:ivanti:avalanche:6.3.2.3490:*:*:*:premise:*:*:* cpe:2.3:a:ivanti:avalanche:6.3.2:*:*:*:*:*:*:* cpe:2.3:a:ivanti:avalanche:6.3.2:*:*:*:*:windows:*:* cpe:2.3:a:ivanti:avalanche:6.3.2:*:*:*:premise:*:*:* cpe:2.3:a:ivanti:avalanche:6.3.3.101:*:*:*:*:*:*:* cpe:2.3:a:ivanti:avalanche:6.3.3.101:*:*:*:premise:*:*:* cpe:2.3:a:ivanti:avalanche:6.3.3:*:*:*:*:*:*:* cpe:2.3:a:ivanti:avalanche:6.3.3:*:*:*:premise:*:*:* cpe:2.3:a:ivanti:avalanche:6.3.4.153:*:*:*:premise:*:*:* cpe:2.3:a:ivanti:avalanche:6.3.4:*:*:*:*:*:*:* cpe:2.3:a:ivanti:avalanche:6.3.4:*:*:*:premise:*:*:* cpe:2.3:a:ivanti:avalanche:6.4.0:*:*:*:*:*:*:* cpe:2.3:a:ivanti:avalanche:6.4.1.207:*:*:*:premise:*:*:* cpe:2.3:a:ivanti:avalanche:6.4.1.236:*:*:*:premise:*:*:* cpe:2.3:a:ivanti:avalanche:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:ivanti:avalanche:6.4.1:*:*:*:premise:*:*:* cpe:2.3:a:ivanti:avalanche:6.4.2:*:*:*:premise:*:*:* |
|
Metrics |
cvssV3_1
|
Wed, 14 Aug 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Ivanti
Ivanti avalanche |
|
Weaknesses | CWE-611 | |
CPEs | cpe:2.3:a:ivanti:avalanche:*:*:*:*:*:*:*:* | |
Vendors & Products |
Ivanti
Ivanti avalanche |
|
Metrics |
ssvc
|
Wed, 14 Aug 2024 03:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server. | |
References |
| |
Metrics |
cvssV3_0
|
MITRE
Status: PUBLISHED
Assigner: hackerone
Published: 2024-08-14T02:38:00.149Z
Updated: 2024-08-14T13:47:52.793Z
Reserved: 2024-06-19T01:04:07.137Z
Link: CVE-2024-38653
Vulnrichment
Updated: 2024-08-14T13:36:28.232Z
NVD
Status : Analyzed
Published: 2024-08-14T03:15:05.200
Modified: 2024-08-15T17:32:57.587
Link: CVE-2024-38653
Redhat
No data.