CVE-2024-29848

High

An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to…

hackerone·CWE-434·Published 2024-05-31

CVSS

7.2

EPSS

0.64

KEV

Exploits

cve.orgen

174 chars

An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM.

NVDen

174 chars

An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM.

NVDes

206 chars

Una vulnerabilidad de carga de archivos sin restricciones en el componente web de Ivanti Avalanche anterior a 6.4.x permite a un usuario privilegiado y autenticado ejecutar comandos arbitrarios como SYSTEM.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.0	Primary	cve.org	7.2	—	—	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
3.0	Primary	cve.org	7.2	—	—	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H