CVE-2024-27976: Vulnerability in Ivanti Avalanche
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
CVE-2024-27976: Vulnerability in Ivanti Avalanche
Description
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- hackerone
- Date Reserved
- 2024-02-29T01:04:06.640Z
- Cvss Version
- 3.0
- State
- PUBLISHED
Threat ID: 69418d7b9050fe8508ffc23f
Added to database: 12/16/2025, 4:48:59 PM
Last updated: 12/16/2025, 4:52:02 PM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2024-33612: CWE-295 Improper Certificate Validation in F5 BIG-IP Next Central Manager
MediumCVE-2024-33006: CWE-434: Unrestricted Upload of File with Dangerous Type in SAP_SE SAP NetWeaver Application Server ABAP and ABAP Platform
CriticalCVE-2024-30274: Out-of-bounds Write (CWE-787) in Adobe Substance3D - Painter
HighCVE-2024-29945: Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. in Splunk Splunk Enterprise
HighCVE-2024-29204: Vulnerability in Ivanti Avalanche
CriticalActions
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.