PT-2025-2039 · Ivanti · Ivanti Avalanche

Published: 2025-01-09 · Updated: 2025-01-19 · CVE-2024-13180

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Ivanti Avalanche versions prior to 6.4.7

Description

The issue allows a remote unauthenticated attacker to leak sensitive information through path traversal. It addresses incomplete fixes from a previous issue.

Recommendations

For versions prior to 6.4.7, update to version 6.4.7 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information until the update is applied.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2025-02268
CVE-2024-13180
ZDI-25-043

Affected Products

Ivanti Avalanche