CVE-2024-24998
HIGHDescription
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
Is your site exposed to CVE-2024-24998?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| ivanti | avalanche |
References
Frequently Asked Questions
What is CVE-2024-24998? +
How severe is CVE-2024-24998? +
What products are affected by CVE-2024-24998? +
How do I check if I'm vulnerable to CVE-2024-24998? +
Related Vulnerabilities
pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the …
dzzoffice 2.02.1 is vulnerable to Directory Traversal via user/space/about.php.
LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the …
In the module "Account Manager | Sales Representative & Dealers | CRM" (prestasalesmanager) up to 9.0 from Presta World for …
RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Boot 2010.12 allow URIs beginning with /.. for Directory Traversal, as …
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via photoBase64. An unauthenticated user can download local files from the …