📦

avalanche

Vendor: ivanti

Login to add this product to WatchStack
Actively Exploited 0 CISA KEV List
PoC / Exploits 1 Code Available
Total RCEs 49 Remote Access
Total CVEs 123 Total Indexed
Avg. EPSS 21.49% Exploit Prob.
Latest CVE CVE-2025-8297 Aug 12

Security Vulnerability Index

Page 4 / 13
8.8 CVSS
CVE-2024-25000
RCE

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.

EPSS: 9.02%
8.8 CVSS
CVE-2024-24999
RCE

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.

EPSS: 9.02%
8.8 CVSS
CVE-2024-24998
RCE

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.

EPSS: 4.89%
8.8 CVSS
CVE-2024-24997
RCE

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.

EPSS: 6.77%
9.8 CVSS
CVE-2024-24996
RCE

A Heap overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to execute arbitrary commands.

EPSS: 31.38%
7.5 CVSS
CVE-2024-24995
RCE

A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.

EPSS: 3.67%
8.8 CVSS
CVE-2024-24994
RCE

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.

EPSS: 48.21%
7.5 CVSS
CVE-2024-24993
RCE

A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.

EPSS: 1.92%
8.8 CVSS
CVE-2024-24992
RCE

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.

EPSS: 61.56%
6.5 CVSS
CVE-2024-24991

A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks.

EPSS: 3.75%