Ivanti Avalanche Server-side Request Forgery Vulnerability Allows Leak of Sensitive Information
CVE-2024-47008

7.5HIGH

Key Information:

Vendor: Ivanti
Status: Avalanche
Vendor: CVE Published:; 8 October 2024

Summary

A server-side request forgery vulnerability exists in Ivanti Avalanche prior to version 6.4.5. This weakness allows attackers to send crafted requests that can lead to the exposure of sensitive information. A remote, unauthenticated attacker could exploit this vulnerability to access data that should be protected, posing significant risks to organizational privacy and security. Stakeholders using affected versions are encouraged to upgrade as soon as possible to mitigate exposure.

Affected Version(s)

Avalanche 6.4.5

References

https://forums.ivanti.com/s/article/Ivanti-Avalanche-6-4-...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 8, 2024
Vulnerability Reserved
Sep 16, 2024

Collectors

NVD DatabaseMitre Database