CVE-2024-22061

Name of the Vulnerable Software and Affected Versions Ivanti Avalanche versions prior to 6.4.3

Description A Heap Overflow vulnerability in the WLInfoRailService component allows a remote unauthenticated attacker to execute arbitrary commands. The vulnerability is related to a buffer overflow in dynamic memory, which can be exploited by a remote attacker to achieve remote code execution.

Recommendations For versions prior to 6.4.3, update to version 6.4.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the WLInfoRailService component until a patch is applied.