CVE-2024-38653
HIGH WAF: High
CVSS 7.5
Published: 2024-08-14
CWE-611
XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server.
WAF Coverage Analysis
XML External Entity (XXE)
High WAF Coverage
OWASP: A05:2021 Security Misconfiguration
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| ivanti | avalanche | 6.3.1 |
| ivanti | avalanche | 6.3.1.1507 |
| ivanti | avalanche | 6.3.2 |
| ivanti | avalanche | 6.3.2.3490 |
| ivanti | avalanche | 6.3.3 |
| ivanti | avalanche | 6.3.3.101 |
References
- forums.ivanti.com (Vendor Advisory)