GCVE - cpe:2.3:a:ivanti:avalanche:6.4.2:*:*:*:premise:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:ivanti:avalanche:6.4.2:*:*:*:premise:*:*:*

part: a version: 6.4.2 update: *

Vendor	Ivanti (`40b984ad-e54c-5e1b-9aa1-2a4cd4d61129`)
Product	Avalanche (`406230a0-8d9b-526f-88b7-0c6e48e09b64`)
Edition	*
Language	*
Software edition	premise
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-38653`	vulnerable	2026-06-03 14:56:19.226915	Details available HIGH (8.2) XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server. Published: 2024-08-14T02:38:00.149Z Updated: 2024-08-14T13:47:52.793Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-6-4-4-CVE-2024-38652-CVE-2024-38653-CVE-2024-36136-CVE-2024-37399-CVE-2024-37373	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-38652`	vulnerable	2026-06-03 14:56:19.225681	Details available HIGH (8.2) Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion. Published: 2024-08-14T02:38:00.686Z Updated: 2024-08-14T13:28:51.173Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-6-4-4-CVE-2024-38652-CVE-2024-38653-CVE-2024-36136-CVE-2024-37399-CVE-2024-37373	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-37399`	vulnerable	2026-06-03 14:56:06.487186	Details available HIGH (7.5) A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS. Published: 2024-08-14T02:38:00.168Z Updated: 2024-08-14T13:46:39.793Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-6-4-4-CVE-2024-38652-CVE-2024-38653-CVE-2024-36136-CVE-2024-37399-CVE-2024-37373	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-37373`	vulnerable	2026-06-03 14:56:06.414623	Details available HIGH (7.2) Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE. Published: 2024-08-14T02:38:00.225Z Updated: 2024-08-16T04:01:47.192Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-6-4-4-CVE-2024-38652-CVE-2024-38653-CVE-2024-36136-CVE-2024-37399-CVE-2024-37373	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-36136`	vulnerable	2026-06-03 14:56:03.642190	Details available HIGH (7.5) An off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS. Published: 2024-08-14T02:38:00.141Z Updated: 2024-08-14T13:57:53.500Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-6-4-4-CVE-2024-38652-CVE-2024-38653-CVE-2024-36136-CVE-2024-37399-CVE-2024-37373	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.