PT-2018-18702 · Ivanti · Ivanti Avalanche

Published: 2018-06-29 · Updated: 2020-08-24 · CVE-2018-8901

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Ivanti Avalanche versions 5.3 through 6.2

Description

A local user with database access privileges can read the encrypted passwords for users who authenticate via LDAP to Avalanche services. These passwords are stored in the Avalanche databases. This issue only affects customers who have enabled LDAP authentication in their configuration.

Recommendations

For Ivanti Avalanche versions 5.3 through 6.2, consider disabling LDAP authentication as a temporary workaround until a patch is available. Restrict access to the Avalanche databases to minimize the risk of exploitation. Avoid using LDAP authentication in the affected Avalanche services until the issue is resolved.

Fix

Related Identifiers

CVE-2018-8901

Affected Products

Ivanti Avalanche