Vulnerability Monitor


CVE-2024-38653


XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server.


Published: 2024-08-14T03:15:05.200

Last Modified: 2024-08-15T17:32:57.587

Status: Analyzed

Source: [email protected]

Severity: CVSSv3.1: 7.5 (HIGH)

Weaknesses
  • Type: Primary
    CWE-611
  • Type: Secondary
    CWE-611

Affected Vendors & Products
Type         Vendor  Product    Version/Range  Vulnerable?
Application  ivanti  avalanche  6.3.1          Yes
Application  ivanti  avalanche  6.3.1.1507     Yes
Application  ivanti  avalanche  6.3.2          Yes
Application  ivanti  avalanche  6.3.2          Yes
Application  ivanti  avalanche  6.3.2          Yes
Application  ivanti  avalanche  6.3.2.3490     Yes
Application  ivanti  avalanche  6.3.2.3490     Yes
Application  ivanti  avalanche  6.3.3          Yes
Application  ivanti  avalanche  6.3.3          Yes
Application  ivanti  avalanche  6.3.3.101      Yes
Application  ivanti  avalanche  6.3.3.101      Yes
Application  ivanti  avalanche  6.3.4          Yes
Application  ivanti  avalanche  6.3.4          Yes
Application  ivanti  avalanche  6.3.4.153      Yes
Application  ivanti  avalanche  6.4.0          Yes
Application  ivanti  avalanche  6.4.1          Yes
Application  ivanti  avalanche  6.4.1          Yes
Application  ivanti  avalanche  6.4.1.207      Yes
Application  ivanti  avalanche  6.4.1.236      Yes
Application  ivanti  avalanche  6.4.2          Yes
