ГлавнаяУязвимости → CVE-2024-29848
7.2высокая

CVE-2024-29848

Описание

An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM.

Затрагиваемое ПО
Ivanti Avalanche
CVSS
Балл7.2 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Источники
https://forums.ivanti.com/s/article/Security-Advisory-May-2024https://forums.ivanti.com/s/article/Avalanche-6-4-3-602-additional-security-hardening-and-CVE-fixed?language=en_UShttps://forums.ivanti.com/s/article/Security-Advisory-May-2024https://forums.ivanti.com/s/article/Avalanche-6-4-3-602-additional-security-hardening-and-CVE-fixed?language=en_US