CVE-2020-12442
published 2020-04-28CVE-2020-12442: Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated with the Apache HTTP Server, aka Bug 683250.
PriorityP354critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.25%
80.7th percentile
Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated with the Apache HTTP Server, aka Bug 683250.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | avalanche | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ivanti
Ivanti Security Advisory: CVE-2020-12442
vendor_ivanti·2020-04-28·CVSS 9.8
CVE-2020-12442 [CRITICAL] CWE-89 Ivanti Security Advisory: CVE-2020-12442
Ivanti Security Advisory: CVE-2020-12442
Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated with the Apache HTTP Server, aka Bug 683250.
CVE IDs: CVE-2020-12442
CVSS Base Score: 9.8
Severity: CRITICAL
CWEs: CWE-89
GHSA
GHSA-43hm-fwqj-757w: Ivanti Avalanche 6
ghsa_unreviewed·2022-05-24
CVE-2020-12442 [HIGH] GHSA-43hm-fwqj-757w: Ivanti Avalanche 6
Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated with the Apache HTTP Server, aka Bug 683250.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-04-28
Published