cbcvebase.
CVE-2023-28127
published 2023-05-09

CVE-2023-28127: A path traversal vulnerability exists in Avalanche version 6.3.x and below that when exploited could result in possible information disclosure.

Priority: P3 58 · high · 7.5 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 58.61% (99.0th percentile)

Affected

2 ranges
Vendor    Product      Version range    Fixed in
ivanti    avalanche    <= 6.3.4.153
ivanti    avalanche

Detection & IOCs (extracted from sources)

  • Path traversal vulnerability in Ivanti Avalanche 6.3.x and below; monitor HTTP requests for directory traversal sequences (e.g., '../') targeting Avalanche endpoints that could lead to information disclosure
  • Vulnerability affects Ivanti Avalanche version 6.3.x and below (CWE-22, CVSS 7.5 HIGH); upgrade beyond 6.3.x to remediate