Lucene search

MitreCVE-2023-41474

HistoryJan 25, 2024 - 8:15 p.m.

CVE-2023-41474

2024-01-2520:15:36

CWE-22

mitre

web.nvd.nist.gov

directory traversal

ivanti avalanche

6.3.4.153

vulnerability

information disclosure

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

38.1%

JSON

Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated attacker to obtain sensitive information via the javax.faces.resource component.

Affected configurations

Nvd

Node

ivantiavalancheMatch6.3.4.153premise

VendorProductVersionCPE
ivantiavalanche6.3.4.153cpe:2.3:a:ivanti:avalanche:6.3.4.153:*:*:*:premise:*:*:*

Vendor	Product	Version	CPE
ivanti	avalanche	6.3.4.153	cpe:2.3:a:ivanti:avalanche:6.3.4.153::::premise:::

References

github.com/JBalanza/CVE-2023-41474

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

38.1%

JSON

Related for CVE-2023-41474