Vulnerability Database

300,213

Total vulnerabilities in the database

CVE-2024-37373

Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE.

Published: Aug 14, 2024
Updated: Aug 16, 2024
CVE: CVE-2024-37373
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
ivanti / avalanche	6.3.2	6.3.2.x
ivanti / avalanche	6.3.4.153	6.3.4.153.x
ivanti / avalanche	6.3.3	6.3.3.x
ivanti / avalanche	6.3.3.101	6.3.3.101.x
ivanti / avalanche	6.3.4	6.3.4.x
ivanti / avalanche	6.4.0	6.4.0.x
ivanti / avalanche	6.4.1	6.4.1.x
ivanti / avalanche	6.4.1.207	6.4.1.207.x
ivanti / avalanche	6.4.1.236	6.4.1.236.x
ivanti / avalanche	6.4.2	6.4.2.x
ivanti / avalanche	6.3.2.3490	6.3.2.3490.x
ivanti / avalanche	6.3.1.1507	6.3.1.1507.x
ivanti / avalanche	6.3.1	6.3.1.x

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-6-4-4-CVE-2024-38652-CVE-2024-38653-CVE-2024-36136-CVE-2024-37399-CVE-2024-37373

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime