GCVE - cpe:2.3:a:ivanti:avalanche:-:*:*:*:premise:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:ivanti:avalanche:-:*:*:*:premise:*:*:*

part: a version: - update: *

Vendor	Ivanti (`40b984ad-e54c-5e1b-9aa1-2a4cd4d61129`)
Product	Avalanche (`406230a0-8d9b-526f-88b7-0c6e48e09b64`)
Edition	*
Language	*
Software edition	premise
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-37399`	vulnerable	2026-06-03 14:56:06.486477	Details available HIGH (7.5) A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS. Published: 2024-08-14T02:38:00.168Z Updated: 2024-08-14T13:46:39.793Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-6-4-4-CVE-2024-38652-CVE-2024-38653-CVE-2024-36136-CVE-2024-37399-CVE-2024-37373	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-46264`	vulnerable	2026-06-03 14:53:09.485945	Details available HIGH (7.2) An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution. Published: 2023-12-19T15:43:26.340Z Updated: 2024-09-04T19:43:27.139Z Open on db.gcve.eu Reference links https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.