Lucene search

[email protected]NVD:CVE-2024-36136

HistoryAug 14, 2024 - 3:15 a.m.

CVE-2024-36136

2024-08-1403:15:04

CWE-193

[email protected]

web.nvd.nist.gov

off-by-one error

ivanti avalanche

6.3.1

remote unauthenticated attacker

dos

wlinforailservice

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

17.7%

JSON

An off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.

Affected configurations

Nvd

Node

ivantiavalancheMatch6.3.1premise

ivantiavalancheMatch6.3.1.1507premise

ivantiavalancheMatch6.3.2

ivantiavalancheMatch6.3.2windows

ivantiavalancheMatch6.3.2premise

ivantiavalancheMatch6.3.2.3490

ivantiavalancheMatch6.3.2.3490premise

ivantiavalancheMatch6.3.3

ivantiavalancheMatch6.3.3premise

ivantiavalancheMatch6.3.3.101

ivantiavalancheMatch6.3.3.101premise

ivantiavalancheMatch6.3.4

ivantiavalancheMatch6.3.4premise

ivantiavalancheMatch6.3.4.153premise

ivantiavalancheMatch6.4.0

ivantiavalancheMatch6.4.1

ivantiavalancheMatch6.4.1premise

ivantiavalancheMatch6.4.1.207premise

ivantiavalancheMatch6.4.1.236premise

ivantiavalancheMatch6.4.2premise

VendorProductVersionCPE
ivantiavalanche6.3.1cpe:2.3:a:ivanti:avalanche:6.3.1:*:*:*:premise:*:*:*
ivantiavalanche6.3.1.1507cpe:2.3:a:ivanti:avalanche:6.3.1.1507:*:*:*:premise:*:*:*
ivantiavalanche6.3.2cpe:2.3:a:ivanti:avalanche:6.3.2:*:*:*:*:*:*:*
ivantiavalanche6.3.2cpe:2.3:a:ivanti:avalanche:6.3.2:*:*:*:*:windows:*:*
ivantiavalanche6.3.2cpe:2.3:a:ivanti:avalanche:6.3.2:*:*:*:premise:*:*:*
ivantiavalanche6.3.2.3490cpe:2.3:a:ivanti:avalanche:6.3.2.3490:*:*:*:*:*:*:*
ivantiavalanche6.3.2.3490cpe:2.3:a:ivanti:avalanche:6.3.2.3490:*:*:*:premise:*:*:*
ivantiavalanche6.3.3cpe:2.3:a:ivanti:avalanche:6.3.3:*:*:*:*:*:*:*
ivantiavalanche6.3.3cpe:2.3:a:ivanti:avalanche:6.3.3:*:*:*:premise:*:*:*
ivantiavalanche6.3.3.101cpe:2.3:a:ivanti:avalanche:6.3.3.101:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ivanti	avalanche	6.3.1	cpe:2.3:a:ivanti:avalanche:6.3.1::::premise:::
ivanti	avalanche	6.3.1.1507	cpe:2.3:a:ivanti:avalanche:6.3.1.1507::::premise:::
ivanti	avalanche	6.3.2	cpe:2.3:a:ivanti:avalanche:6.3.2:::::::*
ivanti	avalanche	6.3.2	cpe:2.3:a:ivanti:avalanche:6.3.2:::::windows::
ivanti	avalanche	6.3.2	cpe:2.3:a:ivanti:avalanche:6.3.2::::premise:::
ivanti	avalanche	6.3.2.3490	cpe:2.3:a:ivanti:avalanche:6.3.2.3490:::::::*
ivanti	avalanche	6.3.2.3490	cpe:2.3:a:ivanti:avalanche:6.3.2.3490::::premise:::
ivanti	avalanche	6.3.3	cpe:2.3:a:ivanti:avalanche:6.3.3:::::::*
ivanti	avalanche	6.3.3	cpe:2.3:a:ivanti:avalanche:6.3.3::::premise:::
ivanti	avalanche	6.3.3.101	cpe:2.3:a:ivanti:avalanche:6.3.3.101:::::::*