PT-2024-6875 · Ivanti · Ivanti Avalanche
Published
2024-04-17
·
Updated
2025-11-17
·
CVE-2024-47011
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Ivanti Avalanche versions prior to 6.4.5
Description
The issue is a path traversal affecting the Faces Mojarra component within Ivanti Avalanche. This allows a remote, unauthenticated attacker to potentially reveal sensitive information. The vulnerability stems from improper restriction of the path name to an access-restricted directory.
Recommendations
Versions prior to 6.4.5 should be updated to version 6.4.5 or later.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ivanti Avalanche