An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM.
History

Thu, 19 Sep 2024 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Ivanti
Ivanti avalanche
CPEs cpe:2.3:a:ivanti:avalanche:*:*:*:*:*:*:*:*
Vendors & Products Ivanti
Ivanti avalanche
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2024-05-31T17:38:31.376Z

Updated: 2024-09-19T05:08:34.779Z

Reserved: 2024-03-21T01:04:07.089Z

Link: CVE-2024-29848

cve-icon Vulnrichment

Updated: 2024-09-19T05:08:34.779Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-05-31T18:15:12.727

Modified: 2024-11-21T09:08:27.787

Link: CVE-2024-29848

cve-icon Redhat

No data.