PT-2024-6877 · Ivanti · Ivanti Avalanche

Published: 2024-04-17 · Updated: 2025-11-17 · CVE-2024-47008

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Ivanti Avalanche versions prior to 6.4.5

Description

A server-side request forgery (SSRF) issue exists in the validateAMCWSConnection function of Ivanti Avalanche. Because incoming requests are insufficiently validated, a remote, unauthenticated attacker can disclose sensitive information. The impact is on the confidentiality of data handled by the system. The affected API endpoint and the vulnerable parameter are not specified.

Recommendations

Update Ivanti Avalanche versions prior to 6.4.5 to version 6.4.5 or later.

Fix

SSRF

Weakness Enumeration

Related Identifiers

BDU:2024-08100
CVE-2024-47008
ZDI-24-1324

Affected Products

Ivanti Avalanche