CVE-2024-38653
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Aug 14, 2024
Updated: Aug 15, 2024
CWE ID 611
Summary
CVE-2024-38653 is a newly disclosed vulnerability affecting Ivanti Avalanche version 6.3.1. An XML External Entity (XXE) flaw in the SmartDeviceServer component allows a remote, unauthenticated attacker to read sensitive files stored on the targeted server. The issue poses a serious security risk and requires an immediate update or patch to mitigate it.
Affected Products
- Ivanti Avalanche
Affected Vendors
- Ivanti Software Inc.