CVE-2023-28127
Published 2023-05-09
CVE-2023-28127: A path traversal vulnerability exists in Avalanche version 6.3.x and below that when exploited could result in possible information disclosure.
Priority P3 58 | high | 7.5 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 58.61% (99.0th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | avalanche | <= 6.3.4.153 | — |
| ivanti | avalanche | — | — |
Detection & IOCs (extracted from sources)
- Path traversal vulnerability in Ivanti Avalanche 6.3.x and below; monitor HTTP requests for directory traversal sequences (e.g., '../') targeting Avalanche endpoints that could lead to information disclosure
- Vulnerability affects Ivanti Avalanche version 6.3.x and below (CWE-22, CVSS 7.5 HIGH); upgrade beyond 6.3.x to remediate
Ivanti
Ivanti Security Advisory: CVE-2023-28127
vendor_ivanti · 2023-05-09 · CVSS 7.5
A path traversal vulnerability exists in Avalanche version 6.3.x and below that when exploited could result in possible information disclosure.
CVE IDs: CVE-2023-28127
CVSS Base Score: 7.5
Severity: HIGH
CWEs: CWE-22
GHSA
GHSA-hvc8-58jj-hmvc: A path traversal vulnerability exists in Avalanche version 6
ghsa_unreviewed · 2023-05-10
A path traversal vulnerability exists in Avalanche version 6.3.x and below that when exploited could result in possible information disclosure.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-05-09