Vulnerability Database

300,213

Total vulnerabilities in the database

CVE-2024-38652

Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion.

Published: Aug 14, 2024
Updated: Aug 16, 2024
CVE: CVE-2024-38652
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
ivanti / avalanche	6.3.2	6.3.2.x
ivanti / avalanche	6.3.4.153	6.3.4.153.x
ivanti / avalanche	6.3.3	6.3.3.x
ivanti / avalanche	6.3.3.101	6.3.3.101.x
ivanti / avalanche	6.3.4	6.3.4.x
ivanti / avalanche	6.4.0	6.4.0.x
ivanti / avalanche	6.4.1	6.4.1.x
ivanti / avalanche	6.4.1.207	6.4.1.207.x
ivanti / avalanche	6.4.1.236	6.4.1.236.x
ivanti / avalanche	6.4.2	6.4.2.x
ivanti / avalanche	6.3.2.3490	6.3.2.3490.x
ivanti / avalanche	6.3.1.1507	6.3.1.1507.x
ivanti / avalanche	6.3.1	6.3.1.x

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-6-4-4-CVE-2024-38652-CVE-2024-38653-CVE-2024-36136-CVE-2024-37399-CVE-2024-37373

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo