Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-36136

An off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.

Published

2024-08-14T03:15:04.390

Last Modified

2024-08-15T17:31:15.880

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses
  • Type: Primary
    CWE-193
  • Type: Secondary
    CWE-193
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application ivanti avalanche 6.3.1 Yes
Application ivanti avalanche 6.3.1.1507 Yes
Application ivanti avalanche 6.3.2 Yes
Application ivanti avalanche 6.3.2 Yes
Application ivanti avalanche 6.3.2 Yes
Application ivanti avalanche 6.3.2.3490 Yes
Application ivanti avalanche 6.3.2.3490 Yes
Application ivanti avalanche 6.3.3 Yes
Application ivanti avalanche 6.3.3 Yes
Application ivanti avalanche 6.3.3.101 Yes
Application ivanti avalanche 6.3.3.101 Yes
Application ivanti avalanche 6.3.4 Yes
Application ivanti avalanche 6.3.4 Yes
Application ivanti avalanche 6.3.4.153 Yes
Application ivanti avalanche 6.4.0 Yes
Application ivanti avalanche 6.4.1 Yes
Application ivanti avalanche 6.4.1 Yes
Application ivanti avalanche 6.4.1.207 Yes
Application ivanti avalanche 6.4.1.236 Yes
Application ivanti avalanche 6.4.2 Yes
References