Path Traversal in Avalanche

CVE-2023-28127

A path traversal vulnerability exists in Avalanche version 6.3.x and below that when exploited could result in possible information disclosure.

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.586 (99.0th percentile) — read the EPSS interpretation.

Affected products

N/a Avalanche — versions Avalanche version 6.3.x and below

Weakness classification (CWE)

CWE-22 — Path Traversal

References

forums.ivanti.com/s/article/ZDI-CAN-17769-Ivanti-Avalanche-getLogFile-Directory…