CVE-2024-38653

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 14, 2024
Updated: Aug 15, 2024
CWE ID 611

Summary

CVE-2024-38653 is a newly disclosed vulnerability affecting Ivanti Avalanche version 6.3.1. An XXE (XML External Entity) flaw is present in the SmartDeviceServer component, which enables a remote, unauthenticated attacker to gain unauthorized access and read sensitive files stored on the targeted server. This issue poses a serious security risk and requires an immediate update or patch to mitigate the threat.

Affected Products

  • Ivanti Avalanche

Affected Vendors

  • Ivanti Software Inc.