Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-23531

An Integer Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to perform denial of service attacks. In certain rare conditions this could also lead to reading content from memory.

Published

2024-04-19T02:15:07.670

Last Modified

2025-05-06T19:23:47.330

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-190

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ivanti	avalanche	< 6.4.3.528	Yes

References

https://forums.ivanti.com/s/article/Avalanche-6-4-3-Security-Hardening-and-CVEs-addressed?language=en_US Vendor Advisory ([email protected])
https://forums.ivanti.com/s/article/Avalanche-6-4-3-Security-Hardening-and-CVEs-addressed?language=en_US Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)