CVE-2024-38653

High

XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server.

hackerone·CWE-611·Published 2024-08-14

CVSS

7.5

EPSS

0.92

KEV

Exploits

cve.orgen

130 chars

XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server.

NVDen

130 chars

XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server.

XXE en SmartDeviceServer en Ivanti Avalanche 6.3.1 permite que un atacante remoto no autenticado lea archivos arbitrarios en el servidor.

Version	Type	Source	Base	Exp	Impact	Vector
3.0	Primary	cve.org	8.2	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
3.0	Primary	cve.org	8.2	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
3.0	Secondary	NVD	8.2	3.9	4.2	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N