What is CVE-2023-41474?

CVE-2023-41474 is a vulnerability in N/a. Published 2024-01-25.

Is CVE-2023-41474 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2023-41474

Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated attacker to obtain sensitive information via the javax.faces.resource component.

EPSS: 0.749 (98.9th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

JBalanza/CVE-2023-41474
nomi-sec/PoC-in-GitHub

References

github.com/JBalanza/CVE-2023-41474

Frequently asked questions

What is CVE-2023-41474?: CVE-2023-41474 is a vulnerability in N/a. Published 2024-01-25.
Is CVE-2023-41474 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.