Описание
An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to gain access by exploiting the SetUser method or can exploit the Race Condition in the authentication message.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 6.3.4.153 (включая)
cpe:2.3:a:ivanti:avalanche:*:*:*:*:premise:*:*:*
EPSS
Процентиль: 64%
0.00463
Низкий
5.9 Medium
CVSS3
Дефекты
CWE-305
CWE-362
CWE-362
Связанные уязвимости
CVSS3: 5.9
github
больше 2 лет назад
An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to gain access by exploiting the SetUser method or can exploit the Race Condition in the authentication message.
EPSS
Процентиль: 64%
0.00463
Низкий
5.9 Medium
CVSS3
Дефекты
CWE-305
CWE-362
CWE-362