Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Avalanche | Ivanti | 6.3.1 (including) | 6.3.1 (including) |
| Avalanche | Ivanti | 6.3.1.1507 (including) | 6.3.1.1507 (including) |
| Avalanche | Ivanti | 6.3.2 (including) | 6.3.2 (including) |
| Avalanche | Ivanti | 6.3.2.3490 (including) | 6.3.2.3490 (including) |
| Avalanche | Ivanti | 6.3.3 (including) | 6.3.3 (including) |
| Avalanche | Ivanti | 6.3.3.101 (including) | 6.3.3.101 (including) |
| Avalanche | Ivanti | 6.3.4 (including) | 6.3.4 (including) |
| Avalanche | Ivanti | 6.3.4.153 (including) | 6.3.4.153 (including) |
| Avalanche | Ivanti | 6.4.0 (including) | 6.4.0 (including) |
| Avalanche | Ivanti | 6.4.1 (including) | 6.4.1 (including) |
| Avalanche | Ivanti | 6.4.1.207 (including) | 6.4.1.207 (including) |
| Avalanche | Ivanti | 6.4.1.236 (including) | 6.4.1.236 (including) |
| Avalanche | Ivanti | 6.4.2 (including) | 6.4.2 (including) |