History: Dec 19, 2023 - 3:43 p.m.

CVE-2023-46262

2023-12-19 15:43:26
hackerone
www.cve.org
unauthenticated attack
crafted web request
server-side request forgery
ivanti avalanche remote control server

CVSS3: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.008 Low
Percentile: 81.5%

An unauthenticated attacker could send a specially crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "vendor": "Ivanti",
    "product": "Avalanche",
    "versions": [
      {
        "version": "6.4.1",
        "status": "affected",
        "lessThanOrEqual": "6.4.1",
        "versionType": "semver"
      }
    ]
  }
]
